The round number (R) is set to zero (100), then the round
number (R) is incremented by one (102). The plaintext data (104) is
subjected to a variable permutation (106). An entry is selected from
the permutation table memory (108) and a value is selected from the
Mask table memory (110) to conduct the variable permutation (106).
Then, a choice component (C) is equated with round number (R).
Next, a first variable key addition operation (114) is carried out on
the data employing a key from the key table memory (116) and a
value from the Mask table memory (110). In the next step (118), the
choice component (C) is set to a value one greater than the round
number (R). The following step (120) determines if choice
component (C) is equal to 11. If the choice component (C) is equal to 11,
then the choice component (C) is set equal to 1 and another variable
key addition is performed (122). Otherwise, a variable key addition is
performed immediately (122).

ENCRYPTION SYSTEM

BACKGROUND OF THE INVENTION 

1. Field of the Invention

This invention relates to cryptography and, more
particularly, to a system for protecting stored and
transmitted data from cryptanalytic attack.

2. Description of the Prior Art

The use of various cryptographic systems for
converting secret or sensitive information from an
intelligible form to an unintelligible form is well
established. The intelligible form of the information or
data is called "plaintext" and the unintelligible form is
called "ciphertext". The process of converting from
plaintext to ciphertext is called "encryption" or
"encipherment" and the reverse process is called
"decryption" or "decipherment". Most cryptographic
systems make use of a secret value called the key.
Encryption and decryption are easy when the algorithm and
the key are known, but decryption should be virtually
impossible without the use of the correct key. The
process of attempting to find a shortcut method, not
envisioned by the designer of the algorithm, for
decrypting the ciphertext when the key is unknown is
called "cryptanalysis".

Cryptography has a long history, tracing its
roots back to at least the time of Julius Caesar who
employed a substitution cipher in which each letter in the
plaintext was replaced by the third later letter in the
alphabet. Thus, Julius Caesar employed a linear
substitution cipher which used the number three as the
secret key. Non-linear substitutions, in which the
alphabet is scrambled or mixed, are also well-known.
However, simple substitutions, whether linear or
non-linear, are relatively easy to attack when only a few
sentences of the ciphertext are known. Indeed, William
Legrand in Edgar Allan Poe's short story "The Gold-Bug"
was able to locate a fortune in buried gold and jewels by
a cryptanalytic attack on Captain Kidd's message.

Today's businesses require a much more
sophisticated and secure encryption system to protect
private message transmissions from computers, facsimile
machines, banking machines, and the like. The most secure
key based system in the history of cryptography is the one
time tape or one time pad. In this system, the key is as
long as the message to be encrypted and is simply added
(modular arithmetic) to the message. The key is used only
once and is randomly derived. Although this method is
secure, it is inefficient to create new keys for every
block of information transmitted and then secretly
distribute these keys. Therefore, the one time tape is
seldom if ever used in most applications.

The goal of modern cryptography is to create an
encryption system which may not be compromised through
current cryptanalytic techniques, or the benefit of
breaking the system is not worth the effort required to
penetrate the system. In other words, the goal is to
design a system which is very difficult to break with
current cryptanalytic methods. This is in contrast to the
one time pad technique which is impenetrable in both
theory and in practice. The one time tape should remain
cryptographically unbreakable despite advances in the art
of cryptanalysis. However, other prior art systems can
and will be broken in time.

Modern encryption systems generally use a short
key, such as a key which is eight characters in length. A
good example of a modern system is the Data Encryption
Standard ("DES") which was developed by IBM in the early
1970's and which was adopted by the United States Bureau
of Standards as the standard encryption system for
business and non-military government use. Patents
directed to the DES include U.S. Patents Nos. 3,958,081
and 3,962,539. The Data Encryption Standard is a block
type of cipher in which a portion or block of the data to
be encrypted is permutated with a prearranged permutation
table, modified with a key, and then substituted with a
predetermined substitution table. This process is
repeated numerous times in what are referred to as rounds.
Permutation is also referred to as "transposition" and is
a common cryptographic function in which the positions of
letters in a message are scrambled in accordance with a
predetermined set of directions.

Other modern encryption systems have attempted
to simulate the key generation process of a one time pad
by using pseudo-random generators which create a long
series of keys having the statistical property of
randomness. Such patents include U.S. Patents Nos.
3,700,806 and 4,369,332. The receiver on the other end of
the transmission would have a pseudo-random generator
generating keys and using them to decrypt the transmitted
ciphertext. Thus the system can change keys as often as
desired, even changing the key for every block to be
encrypted. The use of pseudo-random generators has
greatly enhanced the strength of many systems, but it does
not perfectly create a one time pad.

In the cryptanalysis of non-military encryption
systems, the following assumptions are generally made: (1)
The cryptanalyst knows the encryption system and tables
used. If a pseudo-random generator is used, it is also
assumed to be known. (2) The cryptanalyst does not know
the key. Items 1 and 2 together are generally referred to
as Kerckhoff's assumption. (3) The cryptanalyst has a
large quantity of previously transmitted plaintext. (4)
The cryptanalyst has a large quantity of previously
recovered ciphertext corresponding to the plaintext.

A cryptographic system must demonstrate adequate
strength under the above conditions. A pseudo-random
generator system does not meet all of the criteria for a
one time tape. If a pseudo-random generator is used, the
relationship between the keys generated would then be
given. Although the cryptanalyst may not know the string
of keys output (if the generator were key based), he or
she would still know the relationship of the key series as
it is stated in the pseudo-random generator algorithm. In
addition, pseudo-random generators must also be provided
with a "seed" value. This, in essence, is another key
which has to be generated and distributed for the system.
The Data Encryption Standard, with its predetermined
permutation and substitution tables and predetermined
ordering of the use of these tables, is also subject to
cryptanalytic attack. Although the Data Encryption
Standard algorithm is a strong encryption system because
it is quite complex, it is not impervious to attack by
mathematical analysis.

Another technique employing some of the features
of a one time pad uses a key table. In this technique, a
table including numerous, predetermined keys is included
in the encryption system. The keys are then each changed
by the secret key. One example of this method can be seen
in U.S. Patent No. 4,776,011. This technique does not
perfectly simulate the one time pad for the same reasons
the pseudo-random generators do not. The original key
table gives the relationship of the keys. Also, in such
systems, the order in which the keys are chosen is stated
by the system's algorithm, the key combinations selected
may be repeated, and without an initializing vector, the
same key table will always be used until a new secret key
is provided. The invention disclosed herein uses a key
table in a unique methodology to overcome these obstacles.

Another method for creating a strong theoretical
and practical encryption system is to use a one time
function. In this method, every data block encrypted is
enciphered by a different cryptographic function
combination. In other words, the tables used in the
encryption process are variable and a different
combination will be chosen by each data block.

Variable functions have also been done in prior
art. One example is in U.S. Patent No. 4,751,733 which
includes the use of variable substitution. This patent
has many limitations: the patent provides encryption
specifically for binary words; the substitution tables
must be set up and operate in close relationship to the
binary arrangement of the secret key; control codes, which
form a key complement or auxiliary key, are needed to
direct the substitution process; the method is
specifically a substitution-permutation enciphering
device; the method does not provide for a variable
permutation or other functions; and the method does not
provide for an initializing vector which is necessary for
one time tape simulation.

It is, therefore, an object of this invention to 
overcome the weaknesses found in other systems and produce 
a system which simulates the one time pad process yet 
requires only a single key. It is another object of the
present invention to provide an encryption system which 
cannot be compromised in theory or in practice, and which 
allows for a perfect simulation of a one time pad system. 
It is also an object to create a cryptographic system 
which provides a one time method approach in that every 
unique block of data is functionally transformed uniquely. 
Such has not been accomplished by the prior art and, as a 
result, the system would offer stronger cryptographic 
measures against attack. It is also an object of the 
present invention to provide a secure encryption system 
which is flexible enough for a variety of applications, 
such as file storage, data transmission, telecommunication 
coding and the like. It is also an object to provide an 
encryption system which permits the use of the block 
cipher format and provides complete inter-symbol 
dependency therein.

SUMMARY OF THE INVENTION

Accordingly, I have developed a cryptographic
system which includes the creation of a key table from a
single key such that the relationship between the keys in
the key table cannot be determined even if the system
implementation is known. This is accomplished through the
use of variable functions in which the determinants are
changed by the variable function chosen by the
determinant. Thus, the functions used in creating the key
table do not have to be one-to-one functions. The
determinants are based on the key. From the key table,
four blocks of bytes of additional key based determinants
are formed which are called masks. These masks are formed
from the keys. The original key does not exist in either
the key table or the mask table.

The system in accordance with the preferred
embodiment of the present invention uses the key table in
a multiple round encryption process. Thus, every possible
plaintext combination would be encrypted with a different
key combination. The keys chosen from the table for a key
addition operation are a function of the plaintext, the
current state of the ciphertext, and the mask values.
Therefore, the order in which the keys are chosen is not
predetermined or patterned. The system also selects the
other encryption functions, including permutations and
substitutions, by the plaintext, current state of the
ciphertext and the mask values. In this way, every block
will be encrypted with a different combination of
permutations and substitutions.

The cryptographic system introduces a function
hereinafter referred to as the enclave function. This
function also operates on lookup tables and creates
complete inter-symbol dependency on the block of bytes.
The particular table used with the enclave function is
determined only by the mask values. In this way, every
block will undergo the same enclave combinations.
However, the combination will still be unknown to an
attack since the combination chosen is determined from the
mask values which were derived from the unknown key.

After the information passes through the
predetermined number of rounds of permutations, key
additions, enclaves and substitutions, it can be
transmitted or stored. Decryption is essentially
accomplished by reversing the order of operations with the
inverse functions of the substitutions, enclaves, key
additions and permutations. The key additions are the
same as their inverses.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow chart of the encryption of a
length of plaintext in accordance with the present
invention;

FIG. 2 is a flow chart of the table
initialization step shown in FIG. 1;

FIG. 3 is a block diagram showing the creation
of each entry in the key table;

FIG. 4 is a diagram representing an example of
one entry in a permutation table;

FIG. 5 is a schematic representation of an
example of one entry in a substitution table;

FIG. 6 is a block diagram of the enclave
function used in the present invention;

FIG. 7 is a block diagram of the autoclave
function used in the enclave function of FIG. 6;

FIG. 8 is a flow chart of the overall encryption
process of a block of plaintext in accordance with a
preferred embodiment of the present invention;

FIG. 9 is a block diagram of the variable
permutation used in the encryption process of FIG. 8;

FIG. 10 is a block diagram of the variable key
addition used in the encryption process of FIG. 8;

FIG. 11 is a block diagram of the variable
substitution used in the encryption process of FIG. 8;

FIG. 12 is a flow chart of the overall
decryption process of a single block of ciphertext which
was encrypted by the process shown in FIG. 8;

FIG. 13 is a block diagram of the inverse
variable substitution used in the decryption process of
FIG. 12;

FIG. 14 is a block diagram of the inverse
enclave function used in the decryption process of FIG.
12;

FIG. 15 is a block diagram of a portion of the
autoclave function used in the inverse enclave function of
FIG. 14;

FIG. 16 is a block diagram of the inverse
variable key addition used in the decryption process of
FIG. 12; and

FIG. 17 is a block diagram of the inverse
variable permutation used in the decryption process of
FIG. 12.

DESCRIPTION OF THE PREFERRED EMBODIMENT 

In a preferred embodiment, the cryptographic
system of the present invention is operated in a block
cipher format in which small chunks of the plaintext data,
referred to commonly as blocks, are encrypted and
decrypted at one time. Preferably, the encryption and
decryption takes place in a multiple round block type of
format. However, it is to be understood that the
invention of the present application can also be used in
other cryptographic systems, such as stream ciphers and
the like, and that multiple rounds may not be employed.
However, multiple rounds will strengthen the system
considerably.

The encryption system of the present invention
uses, in a preferred embodiment, modular arithmetic which
is a cyclic mathematical function based on a particular
whole number referred to as the modulus. Counting is done
by successive incrementing until the number one less
than the modulus is reached, and then starting over again
with zero. An example of modular 3, compared with whole
numbers, can be shown as follows:

Whole: 0 1 2 3 4 5 6 7 8 9 10
Mod 3: 0 1 2 0 1 2 0 1 2 0 1

Thus, 10 modular 3, which is commonly abbreviated as 10
mod 3, is equal to 1. Modular arithmetic can more easily
be done by successively subtracting the modulus from the
number in question until the result is between zero and
the modulus minus 1. For example: 10 - 3 = 7; 7 - 3 = 4;
and 4 - 3 = 1. Thus, 10 mod 3 = 1, since the last
subtraction resulted in an answer between 0 and 2, with 2
= modulus - 1. A general format for a modular
arithmetic function is (whole number) mod (modulus) =
whole number smaller than the modulus.

As shown in FIG. 1, the system commences at the 
start, reference 10, and then control passes to reference 
12 for the initialization of various tables in memory. As 
will be explained hereinafter in more detail, a number of 
tables are supplied to the system and a number of tables 
created within the system. This takes place initially 
before any plaintext or ciphertext is encrypted or 
decrypted. Control then passes to reference 14 where the 
first block of plaintext is selected. Although FIG. 1 is 
shown in connection with the encipherment of blocks of 
plaintext, the same steps would also be followed for 
decrypting selected blocks of ciphertext. Control then 
passes to reference 16 where the selected block of 
plaintext is encrypted in accordance with the 
cryptographic system of the present invention. If there
is more plaintext left to be encrypted, as determined by
query 18, the next block of plaintext is selected at
reference 20 and the next block is encrypted. If there is
no more plaintext, then the system stops operation at
reference 22.

The step of initializing the tables in memory is
shown in more detail in FIG. 2. A permutation table, an
S-box table and an enclave table are initially loaded into
the system's memory at reference 30. The permutation
table includes a plurality of addressable entries which
dictate in a particular fashion how the position of the
bytes in the block of data undergoing encryption will be
scrambled, or will be descrambled for decryption. This is
a commonly used cryptographic technique. The S-box table
is an arrangement for a plurality of substitution entries
which dictate, as directed by a particular entry, how the
actual values of each byte of the block undergoing
transformation will be changed to another value. While
this could be included in the form of a standard
substitution table, the S-box table arrangement is more
efficient computationally and is well-known in the field
of cryptography. The enclave table, loaded into the
memory at reference 30, will be explained hereinafter in
more detail.

The initial key is then loaded into the system
at reference 32. For purposes of this application, a key
is any secret value or data block which is not expressly
stated or set forth in the system implementation,
algorithm or tables, but is installed or loaded into the
system to direct the cryptographic process. Basically, a
key is a secret value or values upon which the
cryptographic process acts, but is not a part of the
algorithmic implementation. The system then decides at
query 34 whether an initializing vector is included. The
use of an initializing vector is common in the field and
is typically used when transmitting data across telephone
lines and the like. The initializing vector is sent
across the lines before the enciphered data and is used in
further decryption of the data. As shown at reference 36,
the key is combined with the initializing vector in an
Exclusive OR operation, in a bit by bit manner, to modify
the initial key which is then used at reference 38 to
generate the key table. Rather than use an Exclusive OR
function, the values of each byte in the key could be
added to the value of each byte in the initializing vector
to modify the initial key. These are both standard
techniques in cryptography for using an initializing
vector in connection with a key. If no initializing
vector is used, then control passes directly to reference
38 where the key table is generated from the unchanged
initial key. Once the key table is created, then control
passes to reference 40 where the mask table is generated
from the entries generated in the key table. The
particular processes used to generate the key table and
mask table entries from the initial key are explained
hereinafter in detail.

In accordance with a preferred embodiment of the
present invention, the block size of the data undergoing
cryptographic transformation is selected to be ten bytes
long, with each byte including eight digital bits therein.
Seven of the bits in each byte are used for the data
values and the eighth bit is a parity bit as is well-known
in the field. In the preferred embodiment here, the key
has been selected to be the same length as the block of
data undergoing encryption and decryption. However, the
key could be other lengths, if desired. It is necessary
that the key be long enough to make guessing the key by an
exhaustive attack very difficult. When using seven value
bits in each byte, it is preferred that each key include
between eight and twenty bytes. While key lengths longer
than twenty bytes can be used, it would make the
computation in the cryptographic system much more
difficult and time consuming and would increase the length
of the various tables used in the system, correspondingly
increasing the memory space required. The same
considerations are applicable in selecting the block of
plaintext undergoing encryption, particularly when small
blocks of information will be sent through the system.
The block size should include an even number of bytes if
the enclave function of the present invention is used.
However, the block size could be an odd number of bytes if
the enclave function was not used.

A major element of the cryptographic system of 
the present invention is that the particular permutation, 
substitution or enclave table used in performing a 
particular cryptographic function on the data is a 
function of certain values or elements in the data
undergoing transformation. This aspect of the present 
invention is being referred to as a variable function, 
which is any function where two or more possible choices 
exist. 

This aspect of the present invention is also
used initially in generating, from an initial key, a key
table which is later used in the encryption/decryption
process. Generally, one or more elements from the key are
selected and the result of a predetermined mathematical
function is used to choose a variable function table. The
function is performed on the present state of the key in
accordance with the selected table to generate a new key.
The result of the mathematical function could also be used
to pick, from many available possibilities, the particular
function used in conjunction with a particular table. In
the preferred embodiment of this invention, the particular
type of function is preset and only the table used in
conjunction with that function is selected by means of the
data undergoing encryption/decryption.

A particular arrangement for producing the
elements of the key table, which uses substitution,
permutation and enclave functions, is set forth in FIG. 3.
The ten bytes of the key undergoing transformation are
shown in element 50 as K_n1-K_n10. In selecting the
substitution table used, the values of the last five bytes
of the key are added together using modular arithmetic at
element 51 to generate a digital number stored in memory
register Y at element 52. The modulus of the modular
arithmetic used at element 51 would be determined by the
size of the substitution table used in the system. In a
preferred embodiment, the substitution table would include
32 tables for 128 byte values and, therefore, the
arithmetic used at element 51 would have a modulus of 32.
In an example included hereinafter in this application,
the substitution table has, for ease of understanding,
only 16 tables and element 51 would be modular 16. While
FIG. 3 shows the addition of the values in the last five
bytes of the key undergoing transformation to generate the
number used in selecting the substitution table, it is to
be understood that any combination of the ten bytes in the
key, including all ten, could be used to generate the Y
value at element 52.

In selecting the permutation table used in FIG.
3, the first five values of the key are added together
using modular arithmetic at element 53 to generate a
digital number stored in memory register X at element 54.
Similar to the substitution table calculation, the modular
arithmetic used at element 53 for generating the
permutation table X would be dependent upon the size of
the permutation table used in the system. In a preferred
embodiment, there are 128 entries in the permutation table
and, therefore, the modular arithmetic at element 53 would
be modular 128.

The value Y generated at element 52 is used to
select the substitution table which is used to modify the
current state of the key. The key is then substituted in
accordance with this table. Thereafter, the value X
generated at element 54 is used to select the particular
permutation table. The key, which previously underwent a
substitution operation, is now permutated in accordance
with the selected table. This operation, which transforms
Key_n to an intermediate state referred to as PSK_n, is set
forth in element 55 in FIG. 3. The transformed key, after
undergoing first the substitution and then the
permutation, is represented in FIG. 3 as element 56,
including bytes PSK_n1 - PSK_n10.

A sample permutation table entry is shown in
FIG. 4. The position of the eight bit bytes at the top of
FIG. 4 will be scrambled as directed by the various arrows
to the new position shown at the bottom of FIG. 4.
Working from the top to the bottom gives an encryption of
the data. To decrypt the data, the positioning is
rearranged from the bottom to the top to recapture the
initial arrangement of the data. This is a standard
technique used in many cryptographic systems and need not
be explained in further detail in this application.
Likewise, a typical entry in the substitution table is
shown in FIG. 5. If a particular plaintext value appears
in any of the bytes of the data undergoing transformation,
then the substitution table used will direct that the
plaintext value be substituted by a new value. For
instance, if the plaintext value is P_0, then, in
accordance with the table shown in FIG. 5, it will be
substituted by the new value of S_1. Working backwards
through the substitution table, the encrypted data can
then be decrypted to recapture the original plaintext
values. Once again, this is a standard cryptographic
technique and need not be explained in further detail. It
must be understood that the particular arrangements shown
in FIGS. 4 and 5 are only representative of the many
possibilities of permutation and substitution table
entries and that many other entries would be included in
the tables used in the cryptographic system of the present
invention.

In FIG. 3, the intermediate state of the key at
element 56 is further modified in accordance with a newly
developed function, referred to as an enclave function by
the applicant. The enclave process is also a variable
function in which certain values of the data undergoing
transformation are used to generate a number which in turn
is used to select which of a plurality of enclave tables
will be used to perform the further transformation of the
data. In the embodiment shown in FIG. 3, certain values
of the intermediate state of the key in element 56, bytes
3, 4, 5, 6 and 7 as shown, are added together using
modular arithmetic at element 57 to create a digital
number identified as Z and stored in memory register Z in
element 58. In a preferred embodiment, the enclave table
includes 32 entries and, accordingly, the arithmetic
performed at element 57 would be modular 32. Thereafter,
the intermediate state of the key is further transformed
according to the particular enclave table selected and
this transformed key is entered into the key table at
element 59. The enclave function will be described in
detail hereinafter in connection with FIGS. 6 and 7.

In accordance with the notation used in the
present application, "Key" is used to represent the
initial key. The initial key is used to generate the
first key in the key table, which is identified as Key_0.
Key_0 is stored in the key table and is then used to
generate the next entry in the key table, namely, Key_1.
Key_1 is created from Key_0 by following the same steps set
forth in FIG. 3 for generating Key_0 from the original key.
The remaining keys in the key table are generated in turn
from the immediately preceding key until the key table is
filled. The generation of a key from its predecessor in
the key table is represented as element 59 in FIG. 3 where
Key_n is used to generate Key_n+1.

The number of entries in the key table should be
a factor of, or divide evenly into, the alphabet space. In
the preferred embodiment described herein, the alphabet
space is 2^7 or 128. If the number of entries is not a
factor of the alphabet space, then the statistical chance
of certain keys being used is greater than other keys.
This discrepancy could aid a cryptanalyst and should be
avoided. The maximum number of entries in the key table
is the size of the alphabet space and the maximum has been
used in the preferred embodiment.

In general, each key in the key table is
generated as a result of a variable function performed on
the previous key, with the particular variable function
determined by information extracted from the prior
installed or generated key. The initial key would be the
installed key and the generated keys have been referred to
as Key_0, Key_1, etc. In this manner, the key table does
not include the initial secret key and, therefore, it is
impossible to solve for the initial key from knowledge of
information in the key table. As will be explained
hereinafter in more detail, a different set of keys will
be selected in each round of the encryption and this makes
it impossible to search for or solve mathematically for
one key used repetitively. This simulates a one time tape
when an initializing vector is used with every
transmission in connection with the initial key. Also,
knowing one key in the key table cannot give the attacker
the previous key since a cryptanalyst cannot work backward
through the key table. Therefore, this arrangement is
much better than a pseudo-random key generator.

It must be noted that the arrangement set forth
in FIG. 3 is just one possible implementation of the
present invention. There are almost an infinite number of
variations possible without changing the spirit or scope
of the invention. Any process using the initial key or an
installed data block to choose a variable function to
create a key table such that the variable function table
chosen cannot be determined from the new key created would
fall within the scope of this invention.

FIG. 6 represents a block diagram of the enclave
function used in the present invention. The enclave
function is used both in generating the key table in FIG.
3 and is also used in the encryption process shown
hereinafter in FIG. 8. The block undergoing
transformation is referred to as element 60 in FIG. 6.
The block is divided into two portions, namely, a first or
left half-block 61 including the first five bytes and a
second or right half-block 62 including the last five
bytes. Other arrangements for dividing the block into
half-blocks can be used, including using the even bytes
for the first half-block and the odd bytes for the second
half-block, and other arrangements. The block undergoing
transformation must include an even number of bytes for
the enclave function.

An autoclave function is a known technique in
cryptographic systems for changing a block by a function
performed on itself. The enclave process of the present
invention uses an autoclave type of function in
conjunction with other manipulations on the data block to
provide complete inter-symbol dependency throughout the
entire ten byte block. Complete inter-symbol dependency
is achieved when every byte of the block is a function of
every other byte of the block and itself.

In the arrangement shown in FIG. 6, the right
half-block 62 is transformed by an autoclave function
referred to as E_na to a new data block referred to as
element 63. The particular autoclave function used at E_na
will be described hereinafter in more detail in connection
with FIG. 7. The right half-block at element 63 then
undergoes a second autoclave transformation, referred to
as E_nb, to generate the half-block at element 64. This
half-block is then combined by a bit by bit Exclusive OR
function with the unchanged left half-block 61 at element
65 to generate a new left half-block at element 66. The
left half-block at element 66 then undergoes an autoclave
function E_nc to generate a transformed left half-block at
element 67. Thereafter, the left half-block in element 67
undergoes a subsequent autoclave transformation E_nd to
generate a modified left half-block at element 68. Then
the left half-block in element 68 is combined by an
Exclusive OR function with the previously transformed
right half-block at element 64. This Exclusive OR
function generates a new right half-block at element 70.
Then the left half-block at element 68 is joined to the
right half-block at 70 to create an entire block at
element 71 which has undergone the enclave function of the
present invention.

After the right half-block 62 has undergone the
two autoclave functions in accordance with E_na and E_nb,
the right half-block has achieved complete inter-symbol
dependency within itself. When the left half-block 61 and
the current right half-block 64 are combined by an
Exclusive OR function at element 65, the left half-block
is completely inter-symbol dependent with the right
half-block. When the left half-block at element 66 is then
transformed by the two autoclave functions E_nc and E_nd,
the left half-block at element 68 will be completely
inter-symbol dependent with itself and with the right
half-block. Therefore, the left half-block has achieved
complete inter-symbol dependency with the entire ten byte
block. After the right half-block at element 64 is
combined by an Exclusive OR function with the current left
half-block at element 69, the right half-block is entirely
inter-symbol dependent on the entire ten byte block. When
the left half-block at element 68 and the right half-block
at element 70 are merged together to form the complete
block at element 71, every byte of the block is a function
of every other byte of the block and of itself.

The particular autoclave function used in the
enclave function shown in FIG. 6 is a process where the
element or byte in the half-block undergoing
transformation is added to two other elements in the
half-block. This process is repeated until each element
in the half-block has been so modified. To create the
complete inter-symbol dependency within each half-block
it is necessary that at least two elements be added to the
element being changed. In addition, this autoclave
process is carried out twice on the entire half-block to
ensure that all of the bytes in the half-block are
functions of themselves and of every other byte. E_na,
E_nb, E_nc, and E_nd are represented by a plurality of
enclave tables, each of which includes an entry a, an
entry b, an entry c and an entry d. A sample table E_n is
set forth below:



E *» E nc E nd 

3 15 543 
5 3 4 



2 i 4 1 3 3 4 5 

A r> i 231 325 521 
421 4 25 152 

2 3 4 2 5 4 



15 ! 4 2 HI 4 13 

l i a 34 2 5 4 

1 5 4 5 4 1 x 3 2 



2 5 3 



Each sub-table has five columns and the
autoclave function is performed in five steps from top to
bottom. The height of the column of each of the
sub-tables must be equal in length to the half-block
undergoing transformation. In the preferred embodiment
the height of the columns are five since the blocks are
ten bytes long and the half-blocks are five bytes long.
Each column must include a number signifying every byte
in the half-block. In the preferred embodiment, the
numbers 1-5 designate the bytes since there will be five
bytes in each half-block. Every byte must be accounted
for in every column. The row length must be greater than

30 a 0 "'! 1 ' T half ' bl ° Ck l6n9th ^ ^ ~ ~» 
a distinct numerical value between one and five. In other
words, none of the numbers one through five should be
repeated in any row of a sub-table. The total number of
tables E_n should be a factor of the encryption space. In
summary, the vertical rows of each sub-table of E_n must
have a different number from one through five and each
horizontal row must all have different numbers from one
through five. In addition, each of the second and third
elements of the sub-table in a particular row must be
different from the first entry. The first entry (i.e., in
the first row) gives the identity of the byte of the block
undergoing transformation and the second and third entries
(in the second and third rows) represent the bytes which
are arithmetically joined to the byte undergoing
transformation to come up with the new value.

This autoclave function can be represented
better in connection with FIG. 7 which shows the
transformation of the right half-block in accordance with
the specific sample table E_na set forth above. The first
entry in E_na is "3 1 5" which means that the third byte of
the half-block (i.e., byte 8 or B8) is added to the value
of the first byte (B6) and the fifth byte (B10) to
generate the new value of the third byte (B8). Modular
arithmetic for each addition is used in accordance with
the size of alphabet space. Here, modular 128 would be
used in the arithmetic step since the alphabet space is 2^7
or 128 as determined by the seven data bits in each byte
in the preferred embodiment. The next entry in E_na is
"5 3 4" which means that the fifth byte (B10) is added to the
third byte (B8 which had previously been transformed) and
also to the fourth byte (B9). The third entry is "4 2 1",
which means that the fourth byte (B9) is added to the
second byte (B7) and the first byte (B6). The fourth
entry, "1 4 2", instructs that the first byte (B6) is
added to the fourth byte (B9) and the second byte (B7).
The fifth entry in table E_na is "2 5 3" which means that
the second byte (B7) is added to the fifth byte (B10) and
the third byte (B8) to generate the new second byte (B7).
As discussed above, the autoclave function is repeated
with another table, E_nb, to create complete inter-symbol
dependency within the particular half-block undergoing
transformation. E_na, E_nb, E_nc and E_nd could all be
identical to each other, but it is better if each of the
sub-tables within a particular enclave table E_n are
different from each other.

The particular enclave table E_n selected is
determined in accordance with a number generated
previously through an arithmetic function on the data
undergoing transformation. In connection with the
creation of the key table, the enclave table selected is
determined by the number Z which is generated at element
58 in FIG. 3. The notation "n" in connection with the
enclave process in FIG. 6 is to be distinguished from the
notation "n" used in connection with generating the
entries of the key table in FIG. 3.

The last step shown in the initializing routine
set forth in FIG. 2 is the creation of the Mask table at
step 40. The Mask values are determinants which are used
in the encryption and decryption process to aid in
selecting particular entries within tables to perform a
transformation on the data. The function of the Masks,
which will be apparent later, is to add another
distinguishing factor so that a cryptanalyst cannot work
backward through the cryptographic algorithm and calculate
the original key used in the system.

Generally, the Mask values are the arithmetic
result of two or more values from the key table or the
original key. The preferred embodiment contains four Mask
values with a notation of Mask_n where n can be from one to
four. The maximum range for n is equivalent to the number
of variable functions included in the cryptographic
system. In the preferred embodiment, the system includes
permutation, key addition, enclave, and substitution
variable functions and, accordingly, the maximum n for the
Masks will be four. Each Mask table entry is a block of
ten bytes. Therefore, each of these bytes can be
addressed as Mask_{n,b} with b ranging from one to ten. In
the preferred embodiment, the Masks are created as
follows: The first byte in Mask_1, referred to as Mask_{1,1},
is generated by summing the values of the first byte in
the first 32 keys of the key table. These values are
summed up using modular arithmetic, herein modular 128, as
determined by the alphabet space. The subsequent bytes of
the first Mask are each in turn generated by summing up
the corresponding byte in each of the first 32 keys in the
key table. The second Mask, referred to as Mask_2, is
generated by a similar summation of the bytes in the next
32 keys in the table, i.e., Key_32 ... Key_63. Similarly,
the third Mask is created by operations on the next 32
keys in the key table, namely, Key_64 through Key_95.
Lastly, the fourth Mask is created by using Key_96 through
Key_127. The Mask creation can be represented
mathematically by the following equations (with 1 less
than or equal to b which is less than or equal to 10):
Mask_{1,b} = Key_{0,b} + Key_{1,b} + ... + Key_{31,b}
Mask_{2,b} = Key_{32,b} + Key_{33,b} + ... + Key_{63,b}
Mask_{3,b} = Key_{64,b} + Key_{65,b} + ... + Key_{95,b}
Mask_{4,b} = Key_{96,b} + Key_{97,b} + ... + Key_{127,b}

Other options are available for creating the key
table and Masks. The Masks could be generated by just
generating four more keys in the key table creation and
using these four additional keys as the four Masks. Also,
the keys in the key table could be created by the same
method used in generating the Masks. Also, the key table
could be generated by making the third key a function of
the first two keys with or without the use of variable
functions after the first two entries in the key table had
been generated. Thus, succeeding keys can be created by
any of the previously generated keys.

A flow chart showing the encryption process in
accordance with the preferred embodiment of the present
invention is shown in FIG. 8. Since the preferred
embodiment includes a number of rounds of encryption on
each block of data, the letter "R" will be used to
designate the round number hereinafter. Initially, the
round number is set to zero at step 100. Then the round
number R is incremented by one at step 102. The data
undergoing encryption is represented by a ten byte block
at step 104. During the first round of encryption, the
data in element 104 will be the plaintext undergoing
encryption. In subsequent rounds, this data will be an
intermediate product different from the initial plaintext
data but not yet the final ciphertext output.

The data is initially subjected to a variable
permutation operation at step 106. As explained
hereinafter in more detail in connection with FIG. 9, an
entry is selected from the permutation table memory 108
and a value is selected from the Mask table memory 110 to
conduct the variable permutation. Control then passes to
step 112 where a choice component, referred to as "C", is
equated with the round number R. Control then passes to
step 114 where a first variable key addition operation is
carried out on the data. As explained hereinafter in more
detail in connection with FIG. 10, a key is selected from
the key table memory 116 and a value is selected from the
Mask table memory 110 to carry out the variable key
addition. Control then passes to step 118 where the
choice component C is set to a value one greater than the
round number. Following the operation at step 118,
control passes to query 120 where it is determined whether
the choice component C is equal to 11. If it is not, then
control passes directly to step 122 where a second
variable key addition operation is carried out on the
data, using a key from the key table memory 116 and using
a value from the Mask table memory 110. If, following the
addition at step 118, the choice component C is equal to
11, then control is passed to step 124 where the choice
component is set to a value of one. Then control is
passed to the second variable key addition operation at
step 122.

Following the second variable key addition
function at step 122, control is passed to step 126 where
a variable enclave is performed on the data. This
variable enclave function was described above in
connection with FIGS. 6 and 7, where it was shown that an
entry is selected from the enclave table memory 128. The
particular enclave table selected is determined by Mask_{3,R}
which is obtained from the Mask table memory 110. This
can be represented by the equation n = Mask_{3,R} where n is
the enclave table memory selected for the operations in
FIGS. 6 and 7. As will be explained hereinafter in more
detail, Mask_1 was used in connection with the variable
permutation operation at step 106, Mask_2 was used in
connection with the variable key additions at steps 114
and 122, and Mask_4 will be used in the subsequent variable
substitution operations.

Control then passes to step 130 where the choice
component C is once again equated to the round number R.
Thereafter, the data undergoes transformation in
accordance with a first variable substitution at step 132.
As will be explained hereinafter in more detail, the
variable substitution uses a value from the Mask table
memory 110 and selects an appropriate S-Box table from the
S-Box and S'-Box memory 134. Control then passes to step
136 where the value of the choice component C is
incremented by one. A decision is made at query 138 as to
whether the choice component is equal to 11. If it is
not, then control is passed directly to a second variable
substitution at step 140. If the choice component after
step 136 is equal to 11, then control is passed by query
138 to step 142 where the choice component is set to a
value of one. Thereafter, control is passed to the second
variable substitution at step 140. Like the first
variable substitution at step 140, the second variable
substitution is described in more detail in FIG. 11 and
uses a value from the Mask table memory 110 and uses a
table from the S-Box and S'-Box memory 134 to transform
the data.

Control thereafter passes to query 144 where it
is determined whether the round number has reached a value
of 10. If the round number has reached ten, then the
encryption process is completed and the ciphertext is
represented as an output at step 146. If the round number
has not yet reached ten, control is passed back to step
102 where the round number is incremented by one. Then
all of the above identified steps, including the variable
permutation 106, the first variable key addition 114, the
second variable key addition 112, the variable enclave
126, the first variable substitution 132 and the second
variable substitution 140, are carried out.

The variable permutation of FIG. 8 is explained
in more detail in the block diagram in FIG. 9. The data
undergoing transformation is represented as bytes B1
through B10 at element 150. In order to select which
table in the permutation table memory 108 is used to carry
out the permutation, the values in the ten bytes of the
data are added together at element 152 to generate a value
stored in memory register Z at element 154. A value is
generated by combining in a bit by bit Exclusive OR
function the value in register Z generated at element 154
with Mask_{1,R} from the Mask table memory 110. This value
is stored in memory register W at element 156. For
example, during the first round of encryption, Mask_{1,1}
would be used at element 156 to generate W by the
Exclusive OR operation with Z. Since there are ten rounds
of encryption in the preferred embodiment, each of the ten
values in Mask_1 will be used in turn during the encryption
rounds.

Control then passes to element 158 where a
standard permutation is carried out on the block of data
using the directions from permutation table W, represented
by P_W. The block of data after it has been permutated is
shown in FIG. 9 at element 160 as bytes b1 through b10.
It is important to use all ten bytes of the data
undergoing encryption to select the permutation table used
for the transformation since this renders it possible to
decrypt the same data by the same steps. If only some of
the bytes in the block were used to determine the
permutation table used, then it would be impossible to
determine during the decryption process which permutation
table was selected. Rather than combining Z with Mask_{1,R}
by an Exclusive OR operation to generate W, it is also
possible to sum the values of Z and Mask_{1,R}, in modular
arithmetic, to determine the permutation table used. This
is also true throughout the remainder of the application
where two digital values are combined together using an
Exclusive OR operation. While an Exclusive OR operation
is computationally easier to implement on a digital
computer, the same result could be obtained in the present
invention by merely arithmetically summing the values
rather than carrying out the Exclusive OR operation.
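An added example, not part of the patent text, of the table selection described for FIG. 9. The permutation tables and Mask_1 values are constructed, 128 tables and a modulo-128 sum are assumed, and the function names are hypothetical; it shows that the sum of all ten bytes survives the permutation so decryption recomputes the same W, while a selector that uses only B1 does not round-trip.

```python
ALPHABET = 128     # alphabet space 2**7: seven data bits per byte
BLOCK_LEN = 10     # ten-byte blocks

# Constructed Mask_1 values, one per round (not derived from a real key table).
MASK_1 = [0x2B, 0x11, 0x7C, 0x05, 0x60, 0x3A, 0x4F, 0x19, 0x72, 0x0E]

# Multipliers coprime to 10, so every constructed table is a permutation.
_STEPS = (1, 3, 7, 9)


def permutation_table(w):
    """Constructed stand-in for P_W: output position i receives byte table[i]."""
    step = _STEPS[w % 4]
    return [(step * i + w) % BLOCK_LEN for i in range(BLOCK_LEN)]


def select_by_sum(block):
    """Z as in FIG. 9: all ten bytes added together (modulo 128 is assumed)."""
    return sum(block) % ALPHABET


def select_by_first_byte(block):
    """Counter-example selector: Z taken from the first byte only."""
    return block[0]


def variable_permutation(block, rnd, selector=select_by_sum):
    """Permute the block with the table chosen by W = Z XOR Mask_{1,R}."""
    w = selector(block) ^ MASK_1[rnd - 1]
    table = permutation_table(w)
    return [block[src] for src in table]


def inverse_variable_permutation(block, rnd, selector=select_by_sum):
    """Recompute W from the permuted block and undo the permutation."""
    w = selector(block) ^ MASK_1[rnd - 1]
    table = permutation_table(w)
    out = [0] * BLOCK_LEN
    for dst, src in enumerate(table):
        out[src] = block[dst]
    return out


def round_trips(block, rnd, selector):
    """True when the inverse recovers the block under the given selector."""
    permuted = variable_permutation(block, rnd, selector)
    return inverse_variable_permutation(permuted, rnd, selector) == block


if __name__ == "__main__":
    sample = list(range(10))   # constructed block B1..B10
    print("permuted       :", variable_permutation(sample, 1))
    print("sum selector   :", round_trips(sample, 1, select_by_sum))
    print("first-byte only:", round_trips(sample, 1, select_by_first_byte))
```

Addition is order-independent, so the permuted block yields the same Z; the first byte, by contrast, is replaced by whichever byte the permutation moves into its position.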

The variable key addition function of the
present invention, as shown in steps 114 and 122 of FIG.
8, is shown diagrammatically in FIG. 10. Each variable key
addition, whether the first at step 114 or the second at
step 122, is identical except that the value of the
choice component C is one higher in the second variable
key addition than in the first key addition, except during
the tenth round of encryption when the value of the choice
component C is set at one. Otherwise, the steps followed
in the variable key addition at step 114 and step 122 in
FIG. 8 are identical as set forth in FIG. 10.

The particular key selected from the key table
memory 116 for the variable key addition is determined by
byte C (referred to as BC) and Mask_{2,R}. This is shown by
element 172 in FIG. 10 where the value Z is equated to BC
and by element 174 where W is equated to Z XOR Mask_{2,R}.
The value W is used to select the key from the key table
memory 116 for use during that particular round of the
variable key addition. The ten bytes of Key_W are shown as
element 176 in FIG. 10. Thereafter, every byte in the
block of bytes in element 170 is combined by an Exclusive
OR function with the corresponding byte in Key_W through
the series of Exclusive ORs at element 178. For example,
B1 XOR Key_{W,1} generates b1. Likewise, B2 XOR Key_{W,2}
generates b2. The only exception is that byte C (BC) in
the block undergoing transformation is not combined with
its corresponding byte in Key_W but remains unchanged and
becomes directly bC. This is represented by the series of
queries at element 180 associated with each byte of the
data undergoing transformation at element 170. If C is
equal to the byte number, then that byte is not combined
with the corresponding key byte. The block of data after
it has undergone a round of the variable key addition is
shown as element 182 in FIG. 10.
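The Mask equations and the variable key addition of FIG. 10, as an added Python example that is not code from the patent. The key table is constructed sample data (hash-derived, not the FIG. 3 key-generation procedure) and the function names are this example's own; it shows that leaving byte C unchanged lets the decrypting side recompute W and undo both key additions of a round.

```python
import hashlib

ALPHABET = 128    # alphabet space 2**7: seven data bits per byte
BLOCK_LEN = 10    # ten-byte blocks
NUM_KEYS = 128    # Key_0 .. Key_127


def sample_key_table():
    """Constructed stand-in for the key table: 128 keys of ten 7-bit bytes."""
    table = []
    for n in range(NUM_KEYS):
        digest = hashlib.sha256(b"constructed sample key %d" % n).digest()
        table.append([byte & 0x7F for byte in digest[:BLOCK_LEN]])
    return table


def make_masks(key_table):
    """Mask_{n,b}: byte b summed over the n-th run of 32 keys, modulo 128."""
    masks = []
    for n in range(4):
        group = key_table[32 * n:32 * (n + 1)]
        masks.append([sum(key[b] for key in group) % ALPHABET
                      for b in range(BLOCK_LEN)])
    return masks   # masks[0] is Mask_1, ..., masks[3] is Mask_4


def variable_key_addition(block, choice, rnd, key_table, masks):
    """One variable key addition; choice (C) and rnd (R) are 1-based.

    Byte C selects the key and passes through unchanged; every other
    byte is XORed with the corresponding byte of Key_W.
    """
    z = block[choice - 1]               # Z = B_C
    w = z ^ masks[1][rnd - 1]           # W = Z XOR Mask_{2,R}
    key = key_table[w]                  # Key_W
    return [b if i == choice - 1 else b ^ key[i]
            for i, b in enumerate(block)]


def next_choice(choice):
    """C + 1, reset to 1 when it reaches 11."""
    return 1 if choice + 1 == 11 else choice + 1


def encrypt_key_additions(block, rnd, key_table, masks):
    """First addition with C = R, second with C = R + 1 (wrapped)."""
    block = variable_key_addition(block, rnd, rnd, key_table, masks)
    return variable_key_addition(block, next_choice(rnd), rnd, key_table, masks)


def decrypt_key_additions(block, rnd, key_table, masks):
    """Undo the second addition first (C = R + 1), then the first (C = R)."""
    block = variable_key_addition(block, next_choice(rnd), rnd, key_table, masks)
    return variable_key_addition(block, rnd, rnd, key_table, masks)


if __name__ == "__main__":
    keys = sample_key_table()
    masks = make_masks(keys)
    plain = [ord(ch) for ch in "PLAINTEXT!"]   # constructed 7-bit input
    for rnd in (1, 10):
        mixed = encrypt_key_additions(plain, rnd, keys, masks)
        restored = decrypt_key_additions(mixed, rnd, keys, masks)
        print(rnd, mixed, restored == plain)
```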

The variable substitution for the encryption
process shown in FIG. 8 is shown in more detail in FIG.
11. Similar to the variable key addition, the first
variable substitution at step 132 is identical to the
second variable substitution at step 140 except that the
choice component C is changed for the second variable
substitution. Otherwise, the steps followed in each are
the same. In the substitution process, the S-Box chosen
is determined by byte C in the data undergoing
transformation and Mask_{4,R}. This is shown in FIG. 11
where Z is equated to BC at element 192 and W is equated
to Z XOR Mask_{4,R} at element 194. The value of W generated
in element 194 is used to select the particular S-Box used
for the substitution at element 196. After the selection
of the S-Box, every byte of the block undergoing
transformation at element 190 is substituted with the
chosen value according to S-Box_W except for byte C (BC)
which remains unchanged during this round of
transformation.

It is important both in the variable key
addition and in the variable substitution that byte C (BC)
remains unchanged. In this way, it is possible to use the
same transformation to work backwards in the decryption
operation. A series of queries at element 198 connected to
each byte of the block undergoing transformation in
element 190 show how byte C remains unchanged and is
passed directly and unchanged to the corresponding output
byte in element 200. For example, when the choice
component C is equal to 1, then B1 in element 190 would
equal b1 in element 200. Otherwise, the remaining bytes
in element 200 will have values different from the initial
values in element 190 in accordance with the substitution
protocol set forth in S-Box_W. The same technique could be
used for selecting the permutation table, i.e., use one of
the bytes and leave that byte unchanged.

The steps followed in decrypting a block of
ciphertext are shown in FIG. 12. Since the decryption is
essentially a backwards iteration through the encryption
steps followed in FIG. 8, the round number is initially
set at ten in step 210. The block of data undergoing
decryption is selected and is represented in element 212
as a block of ten data bytes. During the first round of
decryption, the data at step 212 will be the initial
ciphertext. Control is then passed to step 214 where the
choice component C is set to a value one greater than the
round number. A decision is made at query 216 whether the
choice component is equal to 11. If it is not, then
control is passed directly to step 218 where a first
inverse variable substitution is carried out on the data.
The inverse variable substitution is described in more
detail in FIG. 13. The first inverse variable
substitution 218 uses data from the Mask table memory 110
and from the S'-Box memory 134. If query 216 determines
that the choice component C is equal to 11, then the
choice component is set to one at step 220 and control then
passes to the first inverse variable substitution at
element 218. Control then passes to step 222 where the
choice component is equated to the round number, following
which a second inverse variable substitution is carried
out at step 224.

Subsequent to the second inverse variable
substitution at step 224, the data is subjected to an
inverse variable enclave function at element 226. This
function is described in more detail hereinafter in
connection with FIGS. 14 and 15. However, it must be
noted here that Mask_{3,R} is selected from the Mask table
memory 110 and that value is used to select the particular
enclave table memory used from the enclave table memory
128.

Control is then passed to step 228 where the
choice component is incremented by one and then a decision
is made at query 230 whether the choice component has
reached the value of eleven. If the choice component has
not yet reached a value of eleven, then control passes to
the first inverse variable key addition at step 232. If
the choice component has reached the value of eleven, it
is reset at step 234 to a value of one and control is
passed directly to the first inverse variable key addition
at step 232. The first inverse variable key addition uses
data from the Mask table memory 110 and the key table
memory 116 to transform the data. This operation is shown
in more detail in connection with FIG. 16. Control is
then passed to step 236 where the choice component is
equated with the round number. Then the data is subjected
to a second inverse variable key addition at step 238.
Other than the difference of the values of the choice
component, the first inverse variable key addition at step
232 is identical to the second inverse variable key
addition at step 238.

Control is then passed to the inverse variable
permutation at step 240. The data is then subjected to a
particular inverse permutation using an entry from the
Mask table memory 110 and an entry from the permutation
table memory 108. The inverse variable permutation is
described in more detail in connection with FIG. 17.

Control is then passed to query 242. If the
round number for the decryption has reached a value of
one, then no further decryption takes place and the
current state of the data is output at step 244 as the
plaintext output. If the round number has not yet reached
a value of one, then the round number is decreased by 1 at
step 246. Control is passed to step 212 for a further
round of decryption in accordance with the first inverse
variable substitution 218, the second inverse variable
substitution 224, the inverse variable enclave 226, the
first inverse variable key addition 232, the second
inverse variable key addition 238, and the inverse
variable permutation 240.

The inverse variable substitution is shown in
more detail in FIG. 13. The data undergoing decryption is
represented by bytes b1 through b10 in element 250. The
inverse substitution box (S'-Box) chosen is determined by
bC XOR Mask_{4,R}. This is represented in FIG. 13 where Z is
equated to bC at element 252 and W is equated to Z XOR
Mask_{4,R} at element 254. W is then used to select the
particular inverse substitution box (S'-Box_W) at element
256. Every byte in the block in element 250 is then
substituted in accordance with the protocol of the chosen
S'-Box except for byte bC. The result of the inverse
variable substitution is a ten byte data block B1 through
B10 at element 260. The arrangement by which byte bC is
not substituted is shown by a series of queries 258
associated with each byte of the data undergoing
decryption in element 250. For example, in the first
round of decryption, where R is ten, b10 is both used to
select the S'-Box used for the inverse substitution and is
also unchanged during the inverse substitution. Since the
tenth byte remained unchanged during the final variable
substitution carried out on the data during the encryption
process shown in FIG. 8, it is possible to recreate and
work backwards through the encryption process through the
ciphertext data. The same is true for the inverse
variable key addition of FIG. 16.

The inverse variable enclave function is shown
in detail in FIG. 14 and in conjunction with the
particular autoclave function used in the inverse variable
enclave in FIG. 15. The steps carried out in FIG. 14 are
essentially the inverse of the steps taken in the variable
enclave for encryption shown in FIG. 6. The block of data
undergoing decryption at element 270 is split into a left
half-block 272 and a right half-block 274. These two
half-blocks are combined by a bit by bit Exclusive OR
function at element 276 to produce a subsequent right
half-block 278. The left half-block at element 272 is
first transformed by an inverse autoclave function E'_nd to
left half-block element 280 and then is transformed by an
inverse autoclave function E'_nc to left half-block 282.
Right half-block element 278 is then combined through an
Exclusive OR function at element 284 with left half-block
282 to form the final left half-block element 286. The
right half-block at element 278 is first transformed by an
inverse autoclave function E'_nb to right half-block
element 288 and then is transformed by an inverse
autoclave function E'_na to the final right half-block at
element 290. The left half-block element 286 and right
half-block element 290 are joined together to form the
final ten byte block at 292 which is the result of the
inverse enclave function.
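The enclave of FIG. 6 and the inverse of FIG. 14 as an added Python example (not the patent's code; function names are this example's own). E_na is the sub-table the text walks through for FIG. 7; E_nb, E_nc and E_nd are constructed to meet the stated rules, and the inverse autoclave applies each table's entries in reverse order with subtraction modulo 128.

```python
MOD = 128   # alphabet space 2**7 in the preferred embodiment
HALF = 5    # five-byte half-blocks of a ten-byte block

# E_NA is the sub-table walked through for FIG. 7.  E_NB, E_NC and E_ND are
# constructed for this example to satisfy the stated rules; they are not the
# sample values printed in the patent.
E_NA = [(3, 1, 5), (5, 3, 4), (4, 2, 1), (1, 4, 2), (2, 5, 3)]
E_NB = [(1, 2, 3), (2, 3, 4), (3, 4, 5), (4, 5, 1), (5, 1, 2)]
E_NC = [(2, 4, 1), (4, 1, 3), (1, 3, 5), (3, 5, 2), (5, 2, 4)]
E_ND = [(5, 4, 3), (4, 3, 2), (3, 2, 1), (2, 1, 5), (1, 5, 4)]
TABLES = (E_NA, E_NB, E_NC, E_ND)


def check_subtable(table):
    """Raise ValueError unless the sub-table obeys the rules in the text."""
    every_byte = set(range(1, HALF + 1))
    if len(table) != HALF:
        raise ValueError("one entry per byte of the half-block is required")
    for position in zip(*table):   # targets, first addends, second addends
        if set(position) != every_byte:
            raise ValueError("every byte must appear once in each position")
    for entry in table:
        if len(set(entry)) != len(entry):
            raise ValueError("an entry may not repeat a byte number")


def autoclave(half, table):
    """Add two other bytes to each target byte in turn, modulo 128."""
    out = list(half)
    for target, a, b in table:
        out[target - 1] = (out[target - 1] + out[a - 1] + out[b - 1]) % MOD
    return out


def inverse_autoclave(half, table):
    """Walk the entries last to first, subtracting instead of adding."""
    out = list(half)
    for target, a, b in reversed(table):
        out[target - 1] = (out[target - 1] - out[a - 1] - out[b - 1]) % MOD
    return out


def _xor(left, right):
    return [x ^ y for x, y in zip(left, right)]


def enclave(block, tables=TABLES):
    e_na, e_nb, e_nc, e_nd = tables
    left, right = block[:HALF], block[HALF:]
    right = autoclave(autoclave(right, e_na), e_nb)    # elements 63, 64
    left = _xor(left, right)                           # element 66
    left = autoclave(autoclave(left, e_nc), e_nd)      # elements 67, 68
    right = _xor(left, right)                          # element 70
    return left + right                                # element 71


def inverse_enclave(block, tables=TABLES):
    e_na, e_nb, e_nc, e_nd = tables
    left, right = block[:HALF], block[HALF:]
    right = _xor(left, right)                                        # element 278
    left = inverse_autoclave(inverse_autoclave(left, e_nd), e_nc)    # 280, 282
    left = _xor(left, right)                                         # element 286
    right = inverse_autoclave(inverse_autoclave(right, e_nb), e_na)  # 288, 290
    return left + right                                              # element 292


def changed_positions(block, index, tables=TABLES):
    """Output positions that differ when the low bit of one input byte flips."""
    flipped = list(block)
    flipped[index] ^= 1
    before, after = enclave(block, tables), enclave(flipped, tables)
    return [i for i in range(len(block)) if before[i] != after[i]]


if __name__ == "__main__":
    for sub_table in TABLES:
        check_subtable(sub_table)
    sample = [ord(ch) for ch in "PLAINTEXT!"]   # constructed 7-bit input
    mixed = enclave(sample)
    print(mixed, inverse_enclave(mixed) == sample)
    print([len(changed_positions(sample, i)) for i in range(10)])
```

A single flipped input bit is only one probe of the dependency: modular sums can cancel for a particular pair of inputs, so a count below ten for some right-half position does not mean that output byte is independent of that input byte.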




A particular autoclave function used in the
inverse enclave of FIG. 14 is shown, for one example, in
FIG. 15. In general, the enclave tables, as described
above, are used during the inverse autoclave function.
However, the entries are read from the bottom of each
column to the top and the byte undergoing transformation,
identified by the entry in the first row, has its value
reduced by the values of the other two bytes, identified
by the second and third rows in the enclave table entry.
An example of an inverse autoclave function used in the
inverse enclave is set forth in FIG. 15 for the same
autoclave function used in connection with FIG. 7. The
last entry in the enclave table used is used first for the
transformation in FIG. 15. Since this entry is "2 5 3",
this means that the fifth byte (B10) and the third byte
(B8) are subtracted from the second byte (B7) to generate
the new value of the second byte. As in the enclave
function used for encryption, the arithmetic is carried
out by modular arithmetic. The next entry up from the
bottom in the enclave table used in FIG. 15 is "1 4 2",
which means that the fourth byte (B9) and the second byte
(B7) are subtracted from the first byte (B6) to give the
new value of the first byte (B6). Similarly, the third
entry is "4 2 1", which means that the second byte (B7)
and the first byte (B6) are subtracted from the fourth
byte (B9) to give the new value of the fourth byte (B9).
The next entry in the enclave table used is "5 3 4", which
means that the third byte (B8) and the fourth byte (B9)
are subtracted from the fifth byte (B10) to give the new
value of the fifth byte (B10). Finally, the first entry
in the enclave table is "3 1 5", which is used last in the
inverse autoclave function. This entry means that the
first byte (B6) and the fifth byte (B10) are subtracted from
the third byte (B8) to give a new value for the third
byte. The result of all of these modular arithmetic
calculations is shown in FIG. 15 as the last block,
including bytes B6 through B10.

The inverse variable key addition is shown
diagrammatically in FIG. 16. The particular key selected
from the key table memory 116 for the inverse variable key
addition is determined by byte C (referred to as bC) and
Mask 2,R. This is shown by element 302 in FIG. 16, where
the value Z is equated to bC, and by element 304 where W
is equated to Z XOR Mask 2,R. The value W is used to
select a key from the key table memory 116 for use during
that particular round of the inverse variable key
addition. The ten bytes of Key W are shown as element 306
in FIG. 16. Thereafter, every byte in the block of bytes
in element 300 is combined by an Exclusive OR function
with the corresponding byte in Key W through the series of
Exclusive ORs at element 310. For example, b1 XOR Key W1
generates B1. Likewise, b2 XOR Key W2 generates B2. The
only exception is that byte C in the block undergoing
transformation is not combined with its corresponding byte
in Key W, but remains unchanged and directly becomes BC.
This is represented by the series of queries at elements
310 associated with each byte of the data undergoing
transformation at element 300. If C is equal to the byte
number, then that byte is not combined with the
corresponding key byte. The block of data after it has
undergone a round of the inverse variable key addition is
shown as element 312 in FIG. 16.
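
The inverse autoclave walk-through for FIG. 15 above, as an added Python example that is not part of the patent text. It applies the five enclave-table entries quoted in the text forward (adding) and then bottom to top (subtracting); the modulus of 128, the sample half-block and the forward direction (inferred from the description of the inverse) are assumptions.

```python
MOD = 128  # assumption: bytes are 7-bit values (0..127), as in the worked example

# Enclave-table column quoted in the text for FIG. 15, listed top to bottom.
# Each entry (t, a, b): byte t is changed using bytes a and b. Positions are
# 1-based within the five-byte half-block (the text labels them B6..B10).
FIG15_ENTRIES = [(3, 1, 5), (5, 3, 4), (4, 2, 1), (1, 4, 2), (2, 5, 3)]


def check_entries(entries, width=5):
    """Reject entries that would make a step non-invertible.

    A step can be undone only if the byte being changed is not one of the
    two bytes it is combined with; otherwise the operand is lost.
    """
    for t, a, b in entries:
        if not all(1 <= x <= width for x in (t, a, b)):
            raise ValueError(f"entry {(t, a, b)} is outside 1..{width}")
        if t in (a, b):
            raise ValueError(f"entry {(t, a, b)} uses its own target as operand")


def autoclave(half, entries=FIG15_ENTRIES):
    """Forward direction (assumed): read top to bottom, add the two operands."""
    check_entries(entries, len(half))
    out = list(half)
    for t, a, b in entries:
        out[t - 1] = (out[t - 1] + out[a - 1] + out[b - 1]) % MOD
    return out


def inverse_autoclave(half, entries=FIG15_ENTRIES):
    """Inverse as described in the text: bottom to top, subtract the operands."""
    check_entries(entries, len(half))
    out = list(half)
    for t, a, b in reversed(entries):
        out[t - 1] = (out[t - 1] - out[a - 1] - out[b - 1]) % MOD
    return out


def wrong_order_inverse(half, entries=FIG15_ENTRIES):
    """Failure mode: subtracting top to bottom does not undo the autoclave,
    because later steps depend on bytes that earlier steps already changed."""
    out = list(half)
    for t, a, b in entries:
        out[t - 1] = (out[t - 1] - out[a - 1] - out[b - 1]) % MOD
    return out


SAMPLE_HALF = [10, 20, 30, 40, 50]  # constructed half-block, not from the patent

if __name__ == "__main__":
    enc = autoclave(SAMPLE_HALF)
    print("after autoclave:    ", enc)
    print("inverse (correct):  ", inverse_autoclave(enc))
    print("inverse (top-down): ", wrong_order_inverse(enc))
```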

The inverse variable permutation of FIG. 12 is
explained in more detail in the block diagram in FIG. 17.
The data undergoing transformation is represented as bytes
b1 through b10 at element 320. In order to select which
table in the permutation table memory 108 is used to carry
out the inverse permutation, the values in the ten bytes
of the data are added together using modular arithmetic at
element 322 to generate a value Z at element 324. At
element 326, a value W is generated by combining in a bit
by bit Exclusive OR function the value Z generated at
element 324 with Mask 1,R from the Mask table memory 110.
For example, during the first round of decryption, Mask 1,1
would be used at element 326 to generate W by the
Exclusive OR operation with Z.

Control then passes to element 328 where a
standard inverse permutation, which is merely a working
backward through the permutation table entry as shown
earlier in connection with FIG. 4, is carried out on the
block of data, using the directions from the permutation
table W, represented by P'W. The block of data after it
has undergone the inverse permutation operation is shown
in FIG. 17 at element 330 as bytes B1 through B10. Since
during the encryption process all ten bytes of the data
undergoing encryption were used to select a permutation
table for the transformation, this rendered it possible to
decrypt the same data by once again adding together all
ten bytes of the ciphertext data to determine which
permutation table should be used. This is possible since
the permutation operation merely rearranged the order of
the values. The information used in the encryption stage
can be extracted by once again summing together the values
in the data.
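
Both inverse operations above (the inverse variable key addition of FIG. 16 and the inverse variable permutation of FIG. 17) rely on the receiver recomputing the same selector W from the transformed block. The Python sketch below is an added example, not code from the patent: the permutation and key tables are constructed stand-ins, the permutation-entry format is an assumption, and only the selector arithmetic and the round 1 values (taken from the worked example in the text) come from the page.

```python
MOD = 128        # byte values in the worked example lie in 0..127
BLOCK_LEN = 10   # ten-byte blocks

# Constructed stand-in tables (NOT the patent's Tables I and IV).
# Assumed permutation entry format: entry[i] is the position byte i moves to.
PERM_TABLES = [[(3 * i + w) % BLOCK_LEN for i in range(BLOCK_LEN)]
               for w in range(MOD)]
KEY_TABLE = [[(7 * w + 13 * i + 1) % MOD for i in range(BLOCK_LEN)]
             for w in range(MOD)]


def perm_selector(block, mask1):
    """W = (sum of all ten bytes mod 128) XOR Mask 1,R."""
    return (sum(block) % MOD) ^ mask1


def variable_permutation(block, mask1):
    table = PERM_TABLES[perm_selector(block, mask1)]
    out = [0] * BLOCK_LEN
    for src, dst in enumerate(table):
        out[dst] = block[src]
    return out


def inverse_variable_permutation(block, mask1):
    # A permutation only reorders bytes, so the byte sum, and with it W,
    # is identical on the ciphertext side.
    table = PERM_TABLES[perm_selector(block, mask1)]
    return [block[dst] for dst in table]


def key_selector(block, c, mask2):
    """W = byte C XOR Mask 2,R (c is 1-based, as in the text)."""
    return block[c - 1] ^ mask2


def variable_key_addition(block, c, mask2):
    """XOR every byte except byte C with Key W. Self-inverse, because byte C
    passes through unchanged and therefore selects the same key again."""
    key = KEY_TABLE[key_selector(block, c, mask2)]
    return [b if i == c - 1 else b ^ k
            for i, (b, k) in enumerate(zip(block, key))]


inverse_variable_key_addition = variable_key_addition


def naive_key_addition(block, c, mask2):
    """Counter-example: byte C is XORed too, so the receiver derives W from a
    modified byte and generally selects a different key."""
    key = KEY_TABLE[key_selector(block, c, mask2)]
    return [b ^ k for b, k in zip(block, key)]


# Round 1 values from the worked example in the text.
ROUND1_PLAIN = [104, 101, 108, 108, 111, 32, 116, 104, 101, 114]
ROUND1_PERMUTED = [108, 104, 101, 101, 104, 114, 32, 108, 111, 116]
MASK_1_1, MASK_2_1 = 48, 26


def demo():
    permuted = variable_permutation(ROUND1_PLAIN, MASK_1_1)
    keyed = variable_key_addition(ROUND1_PERMUTED, 1, MASK_2_1)
    naive = naive_key_addition(ROUND1_PERMUTED, 1, MASK_2_1)
    return {
        "perm_table": perm_selector(ROUND1_PLAIN, MASK_1_1),
        "first_key": key_selector(ROUND1_PERMUTED, 1, MASK_2_1),
        "perm_round_trip":
            inverse_variable_permutation(permuted, MASK_1_1) == ROUND1_PLAIN,
        "key_round_trip":
            inverse_variable_key_addition(keyed, 1, MASK_2_1) == ROUND1_PERMUTED,
        "naive_round_trip":
            naive_key_addition(naive, 1, MASK_2_1) == ROUND1_PERMUTED,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The selector values 87 and 118 match round 1 of the worked example; the permuted and keyed blocks differ from the patent's because the tables here are constructed.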

EXAMPLE

An example of the encryption of a ten byte block
of plaintext data using the embodiment of the encryption
system of the present invention discussed above will now
be shown in detail. The system must be initialized with
a permutation table, a substitution table and an enclave
table. Tables used in this example, and created in
accordance with the guidelines set forth above, are shown
below in Tables I, IIA and B, and III, respectively.
Then a ten byte initial key is selected for creating the
key table and Mask table. For this example, the initial
key is selected to be:

key = 27 115 21 1 12 41 2 92 17 81

Sum the first five values of the initial key (mod 128):
(27 + 115 + 21 + 1 + 12) mod 128 = 176 mod 128 = 48
Therefore, permutation table 48 will be used.

Sum the last five values of the initial key (mod 16):
(41 + 2 + 92 + 17 + 81) mod 16 = 233 mod 16 = 9
Therefore, substitution table 9 will be used.

Take key: 27 115 21 1 12 41 2 92 17 81
Substitute (tbl 9):
50 56 15 124 102 99 109 74 26 73
Permutate (tbl 48):
56 74 50 73 109 15 102 26 124 99

Sum values 3 - 7 of the current key block (mod 32):
(50 + 73 + 109 + 15 + 102) mod 32 = 349 mod 32 = 29
Therefore, enclave table 29 will be used for the next
step.

Current key block:
56 74 50 73 109 15 102 26 124 99
Enclave (tbl 29):
30 34 55 63 9 73 74 107 109 33
Therefore key 0 =
30 34 55 63 9 73 74 107 109 33

It can be seen that the initial key was used to
create the first key, identified as key 0, in the key
table. The same steps are reproduced using key 0 to
generate key 1, key 1 to generate key 2, etc., until key 126
is used to generate key 127. The completed key table,
using the initial key identified above, is shown in Table
IV below.

Next, the Mask table is generated using the
previously generated key table. To generate the first
byte or first value in Mask 1, the first mask, the values
of the first bytes in key 0 to key 31 are summed (mod 128):
0 + 10 + 26 + 0 + 102 + 105 + 111 + si + 95 + 68 + 6 + JQ
+ 95 + 67 + 55 + 39 + 109 + 23 + 39 + 31 + 120 + 50 + 46
+ 71 + 34 + 48 + 105 + 51 + 45 + 123 + 4 + 1 = 1840 mod
128 = 48
Therefore, the first value or the first byte in Mask 1 is
48.

Value 2 in Mask 1 is the sum of the values of byte
2 in Key 0 to Key 31 (mod 128). Value 3 in Mask 1 is the
sum of the values of byte 3 in Key 0 to Key 31 (mod 128).
Value 4 in Mask 1 is the sum of the values of byte 4 in
Key 0 to Key 31 (mod 128). Value 5 in Mask 1 is the sum of
the values of byte 5 in Key 0 to Key 31 (mod 128). Value 6
in Mask 1 is the sum of the values of byte 6 in Key 0 to
Key 31 (mod 128). Value 7 in Mask 1 is the sum of the
values of byte 7 in Key 0 to Key 31 (mod 128). Value 8 in
Mask 1 is the sum of the values of byte 8 in Key 0 to Key 31
(mod 128). Value 9 in Mask 1 is the sum of the values of
byte 9 in Key 0 to Key 31 (mod 128). Value 10 in Mask 1 is
the sum of the values of byte 10 in Key 0 to Key 31 (mod
128).

Similarly, the ten bytes or values of Mask 2 are
created from Key 32 to Key 63, the values of Mask 3 are
created from Key 64 to Key 95 and the values of Mask 4 are
created from Key 96 to Key 127.



The completed mask table, generated from the key
table, is shown below:

Mask 1    48    2  121   18   60  105   33   50   11   60
Mask 2    26   78   24   72   69   13   77   43    9   99
Mask 3    64  113   72   61   37   13   49   71   24   60
Mask 4   104   62   69   87   18   31  102  101   32  125

Now that the key and mask tables have been
generated from the initial key (which is not included in
either table), data can be encrypted using additionally
the permutation, enclave and substitution tables in
Tables I, IIA and IIB, and III below. A particular block
of plaintext data will be encrypted under the system of
the present invention and for ten rounds of encryption.

ROUND 1

BLOCK = 104 101 108 108 111 32 116 104 101 114

(a) Variable Permutation.
Add all values in block (mod 128):
104 + 101 + 108 + 108 + 111 + 32 + 116 + 104 + 101 + 114
= 999 mod 128 = 103
Mask 1 value for round 1 (Mask 1,1) = 48
Permutation Table = Sum of the block XOR Mask 1,1:
103 XOR 48 = 87
Therefore, permutation table 87 shall be used for the
permutation.
Block before permutation:
104 101 108 108 111 32 116 104 101 114
Block after permutation:
108 104 101 101 104 114 32 108 111 116

(b) First Key Addition.
Mask 2 value for round 1 (Mask 2,1) = 26
First key = Value 1 in the block XOR Mask 2,1:
108 XOR 26 = 118
Therefore, Key 118 shall be used for the first key
addition.
Block before key addition:
108 104 101 101 104 114 32 108 111 116
Block after key addition:
108 113 85 74 105 102 85 91 124 55

(c) Second Key Addition.
Second key = Value 2 in the block XOR Mask 2,1:
113 XOR 26 = 107
Therefore, Key 107 shall be used for the second key
addition.
Block before key addition:
108 113 85 74 105 102 85 91 124 55
Block after key addition:
72 113 120 64 94 93 56 118 30 47

(d) Variable Enclave.
Enclave table = value of Mask 3,1 (mod 32) = 64 mod 32 = 0
Therefore, enclave table 0 shall be used for the
enclave.
Block before enclave:
72 113 120 64 94 93 56 118 30 47
Block after enclave:
2 108 96 114 88 16 101 106 118 56

(e) First Variable Substitution.
Mask 4 value for round 1 (Mask 4,1) = 104
First substitution table = Value 1 in block XOR Mask 4,1:
2 XOR 104 = 10
Therefore, substitution table 10 shall be used for the
first substitution.
Block before substitution:
2 108 96 114 88 16 101 106 118 56
Block after substitution:
2 60 34 59 75 98 127 61 29 73

(f) Second Variable Substitution.
Second substitution table = Value 2 in block XOR Mask 4,1:
60 XOR 104 = 4
Therefore, substitution table 4 shall be used for the
second substitution.
Block before substitution:
2 60 34 59 75 98 127 61 29 73
Block after substitution:
103 60 82 74 18 38 11 49 50 110

ROUND 2

BLOCK = 103 60 82 74 18 38 11 49 50 110

(a) Variable Permutation.
Add all values in block (mod 128):
103 + 60 + 82 + 74 + 18 + 38 + 11 + 49 + 50 + 110 = 595
mod 128 = 83
Mask 1 value for round 2 (Mask 1,2) = 2
Permutation table = Sum of the block XOR Mask 1,2:
83 XOR 2 = 81
Therefore, permutation table 81 shall be used for the
permutation.
Block before permutation:
103 60 82 74 18 38 11 49 50 110
Block after permutation:
103 60 50 38 18 11 49 74 82 110

(b) First Key Addition.
Mask 2 value for round 2 (Mask 2,2) = 78
First key = Value 2 in the block XOR Mask 2,2:
60 XOR 78 = 114
Therefore, Key 114 shall be used for the first key
addition.
Block before key addition:
103 60 50 38 18 11 49 74 82 110
Block after key addition:
52 60 9 5 68 30 46 117 52 11

(c) Second Key Addition.
Second key = Value 3 in the block XOR Mask 2,2:
9 XOR 78 = 71
Therefore, Key 71 shall be used for the second key
addition.
Block before key addition:
52 60 9 5 68 30 46 117 52 11
Block after key addition:
35 108 9 12 107 21 112 115 84 112

(d) Variable Enclave.
Enclave table = value of Mask 3,2 (mod 32) = 113 mod 32 =
17
Therefore, enclave table 17 shall be used for the
enclave.
Block before enclave:
35 108 9 12 107 21 112 115 84 112
Block after enclave:
43 37 14 65 92 20 110 59 17 111

(e) First Variable Substitution.
Mask 4 value for round 2 (Mask 4,2) = 62
First substitution table = Value 2 in block XOR Mask 4,2:
37 XOR 62 = 11
Therefore, substitution table 11 shall be used for the
first substitution.
Block before substitution:
43 37 14 65 92 20 110 59 17 111
Block after substitution:
46 37 68 9 126 35 73 8 83 6

(f) Second Variable Substitution.
Second substitution table = Value 3 in block XOR Mask 4,2:
68 XOR 62 = 10
Therefore, substitution table 10 shall be used for the
second substitution.
Block before substitution:
46 37 68 9 126 35 73 8 83 6
Block after substitution:
99 122 68 9 114 0 53 51 92 49

ROUND 3

BLOCK = 99 122 68 9 114 0 53 51 92 49

(a) Variable Permutation.
Add all values in block (mod 128):
99 + 122 + 68 + 9 + 114 + 0 + 53 + 51 + 92 + 49 = 657 mod
128 = 17
Mask 1 value for round 3 (Mask 1,3) = 121
Permutation table = Sum of the block XOR Mask 1,3:
17 XOR 121 = 104
Therefore, permutation table 104 shall be used for the
permutation.
Block before permutation:
99 122 68 9 114 0 53 51 92 49
Block after permutation:
68 53 51 114 122 0 9 99 49 92

(b) First Key Addition.
Mask 2 value for round 3 (Mask 2,3) = 24
First key = Value 3 in the block XOR Mask 2,3:
51 XOR 24 = 43
Therefore, Key 43 shall be used for the first key
addition.
Block before key addition:
68 53 51 114 122 0 9 99 49 92
Block after key addition:
84 59 51 126 4 30 98 119 73 113

(c) Second Key Addition.
Second key = Value 4 in the block XOR Mask 2,3:
126 XOR 24 = 102
Therefore, Key 102 shall be used for the second key
addition.
Block before key addition:
84 59 51 126 4 30 98 119 73 113
Block after key addition:
19 31 85 126 117 39 113 77 17 82

(d) Variable Enclave.
Enclave table = value of Mask 3,3 (mod 32) = 72 mod 32 = 8
Therefore, enclave table 8 shall be used for the enclave.
Block before enclave:
19 31 85 126 117 39 113 77 17 82
Block after enclave:
127 113 18 67 108 90 103 103 96 85

(e) First Variable Substitution.
Mask 4 value for round 3 (Mask 4,3) = 69
First substitution table = Value 3 in block XOR Mask 4,3:
18 XOR 69 = 7
Therefore, substitution table 7 shall be used for the
first substitution.
Block before substitution:
127 113 18 67 108 90 103 103 96 85
Block after substitution:
76 38 18 30 46 28 71 71 60 112

(f) Second Variable Substitution.
Second substitution table = Value 4 in block XOR Mask 4,3:
30 XOR 69 = 11
Therefore, substitution table 11 shall be used for the
second substitution.
Block before substitution:
76 38 18 30 46 28 71 71 60 112
Block after substitution:
3 100 107 30 13 54 58 58 36 14

ROUND 4

BLOCK = 3 100 107 30 13 54 58 58 36 14

(a) Variable Permutation.
Add all values in block (mod 128):
3 + 100 + 107 + 30 + 13 + 54 + 58 + 58 + 36 + 14 = 473
mod 128 = 89
Mask 1 value for round 4 (Mask 1,4) = 18
Permutation Table = Sum of the block XOR Mask 1,4:
89 XOR 18 = 75
Therefore, permutation table 75 shall be used for the
permutation.
Block before permutation:
3 100 107 30 13 54 58 58 36 14
Block after permutation:
30 58 14 100 54 13 36 3 58 107

(b) First Key Addition.
Mask 2 value for round 4 (Mask 2,4) = 72
First key = Value 4 in the block XOR Mask 2,4:
100 XOR 72 = 44
Therefore, Key 44 shall be used for the first key
addition.
Block before key addition:
30 58 14 100 54 13 36 3 58 107
Block after key addition:
99 35 0 100 36 104 12 71 25 43

(c) Second Key Addition.
Second key = Value 5 in the block XOR Mask 2,4:
36 XOR 72 = 108
Therefore, Key 108 shall be used for the second key
addition.
Block before key addition:
99 35 0 100 36 104 12 71 25 43
Block after key addition:
77 95 115 53 36 35 19 119 56 69

(d) Variable Enclave.
Enclave Table = value of Mask 3,4 (mod 32) = 61 mod 32 =
29
Therefore, enclave table 29 shall be used for the
enclave.
Block before enclave:
77 95 115 53 36 35 19 119 56 69
Block after enclave:
117 76 52 98 12 13 113 26 108 92

(e) First Variable Substitution.
Mask 4 value for round 4 (Mask 4,4) = 87
First substitution table = Value 4 in block XOR Mask 4,4:
98 XOR 87 = 5
Therefore, substitution table 5 shall be used for the
first substitution.
Block before substitution:
117 76 52 98 12 13 113 26 108 92
Block after substitution:
64 80 83 98 58 48 50 31 49 43

(f) Second Variable Substitution.
Second substitution table = Value 5 in block XOR Mask 4,4:
58 XOR 87 = 13
Therefore, substitution table 13 shall be used for the
second substitution.
Block before substitution:
64 80 83 98 58 48 50 31 49 43
Block after substitution:
122 28 81 29 58 127 22 16 26 49

ROUND 5

BLOCK = 122 28 81 29 58 127 22 16 26 49

(a) Variable Permutation.
Add all values in block (mod 128):
122 + 28 + 81 + 29 + 58 + 127 + 22 + 16 + 26 + 49 = 558
mod 128 = 46
Mask 1 value for round 5 (Mask 1,5) = 60
Permutation Table = Sum of the block XOR Mask 1,5:
46 XOR 60 = 18
Therefore, permutation table 18 shall be used for the
permutation.
Block before permutation:
122 28 81 29 58 127 22 16 26 49
Block after permutation:
49 122 127 81 28 16 26 22 29 58

(b) First Key Addition.
Mask 2 value for round 5 (Mask 2,5) = 69
First key = Value 5 in the block XOR Mask 2,5:
28 XOR 69 = 89
Therefore, Key 89 shall be used for the first key
addition.
Block before key addition:
49 122 127 81 28 16 26 22 29 58
Block after key addition:
40 118 40 87 28 74 102 101 88 57

(c) Second Key Addition.
Second key = Value 6 in the block XOR Mask 2,5:
74 XOR 69 = 15
Therefore, Key 15 shall be used for the second key
addition.
Block before key addition:
40 118 40 87 28 74 102 101 88 57
Block after key addition:
15 50 22 72 90 74 7 76 15 92

(d) Variable Enclave.
Enclave Table = value of Mask 3,5 (mod 32) = 37 mod 32 =
5
Therefore, enclave table 5 shall be used for the enclave.
Block before enclave:
15 50 22 72 90 74 7 76 15 92
Block after enclave:
98 69 120 65 54 18 6 17 59 14

(e) First Variable Substitution.
Mask 4 value for round 5 (Mask 4,5) = 18
First substitution table = Value 5 in block XOR Mask 4,5:
54 XOR 18 = 4
Therefore, substitution table 4 shall be used for the
first substitution.
Block before substitution:
98 69 120 65 54 18 6 17 59 14
Block after substitution:
38 0 92 68 54 89 122 4 74 106

(f) Second Variable Substitution.
Second substitution table = Value 6 in block XOR Mask 4,5:
89 XOR 18 = 11
Therefore, substitution table 11 shall be used for the
second substitution.
Block before substitution:
38 0 92 68 54 89 122 4 74 106
Block after substitution:
100 24 126 122 108 89 39 45 93 28

ROUND 6

BLOCK = 100 24 126 122 108 89 39 45 93 28

(a) Variable Permutation.
Add all values in block (mod 128):
100 + 24 + 126 + 122 + 108 + 89 + 39 + 45 + 93 + 28 = 774
mod 128 = 6
Mask 1 value for round 6 (Mask 1,6) = 105
Permutation Table = Sum of the block XOR Mask 1,6:
6 XOR 105 = 111
Therefore, permutation table 111 shall be used for the
permutation.
Block before permutation:
100 24 126 122 108 89 39 45 93 28
Block after permutation:
126 45 122 89 93 108 24 28 39 100

(b) First Key Addition.
Mask 2 value for round 6 (Mask 2,6) = 13
First key = Value 6 in the block XOR Mask 2,6:
108 XOR 13 = 97
Therefore, Key 97 shall be used for the first key
addition.
Block before key addition:
126 45 122 89 93 108 24 28 39 100
Block after key addition:
39 78 56 40 24 108 99 80 4 77

(c) Second Key Addition.
Second key = Value 7 in the block XOR Mask 2,6:
99 XOR 13 = 110
Therefore, Key 110 shall be used for the second key
addition.
Block before key addition:
39 78 56 40 24 108 99 80 4 77
Block after key addition:
94 63 13 94 121 33 99 70 118 11

(d) Variable Enclave.
Enclave Table = value of Mask 3,6 (mod 32) = 13 mod 32
= 13
Therefore, enclave table 13 shall be used for the
enclave.
Block before enclave:
94 63 13 94 121 33 99 70 118 11
Block after enclave:
89 102 105 113 44 117 86 106 57 50

(e) First Variable Substitution.
Mask 4 value for round 6 (Mask 4,6) = 31
First Substitution Table = Value 6 in block XOR Mask 4,6:
117 XOR 31 = 10
Therefore, substitution table 10 shall be used for the
first substitution.
Block before substitution:
89 102 105 113 44 117 86 106 57 50
Block after substitution:
78 65 30 125 17 117 57 61 89 38

(f) Second Variable Substitution.
Second substitution table = Value 7 in block XOR Mask 4,6:
57 XOR 31 = 6
Therefore, substitution table 6 shall be used for the
second substitution.
Block before substitution:
78 65 30 125 17 117 57 61 89 38
Block after substitution:
6 92 76 30 120 66 57 51 58 80

ROUND 7

BLOCK = 6 92 76 30 120 66 57 51 58 80

(a) Variable Permutation.
Add all values in block (mod 128):
6 + 92 + 76 + 30 + 120 + 66 + 57 + 51 + 58 + 80 = 636 mod
128 = 124
Mask 1 value for round 7 (Mask 1,7) = 33
Permutation Table = Sum of the block XOR Mask 1,7:
124 XOR 33 = 93
Therefore, permutation table 93 shall be used for the
permutation.
Block before permutation:
6 92 76 30 120 66 57 51 58 80
Block after permutation:
66 57 120 92 30 80 58 51 6 76

(b) First Key Addition.
Mask 2 value for round 7 (Mask 2,7) = 77
First key = Value 7 in the block XOR Mask 2,7:
58 XOR 77 = 119
Therefore, Key 119 shall be used for the first key
addition.
Block before key addition:
66 57 120 92 30 80 58 51 6 76
Block after key addition:
55 9 30 92 21 117 58 32 16 97

(c) Second Key Addition.
Second key = Value 8 in the block XOR Mask 2,7:
32 XOR 77 = 109
Therefore, Key 109 shall be used for the second key
addition.
Block before key addition:
55 9 30 92 21 117 58 32 16 97
Block after key addition:
37 117 11 121 62 60 69 32 110 42

(d) Variable Enclave.
Enclave Table = value of Mask 3,7 (mod 32) = 49 mod 32 =
17
Therefore, enclave table 17 shall be used for the
enclave.
Block before enclave:
37 117 11 121 62 60 69 32 110 42
Block after enclave:
80 95 116 23 78 60 94 113 112 2

(e) First Variable Substitution.
Mask 4 value for round 7 (Mask 4,7) = 102
First substitution table = Value 7 in block XOR Mask 4,7:
94 XOR 102 = 8
Therefore, substitution table 8 shall be used for the
first substitution.
Block before substitution:
80 95 116 23 78 60 94 113 112 2
Block after substitution:
1 9 24 39 52 98 94 99 108 35

(f) Second Variable Substitution.
Second substitution table = Value 8 in block XOR Mask 4,7:
99 XOR 102 = 5
Therefore, substitution table 5 shall be used for the
second substitution.
Block before substitution:
1 9 24 39 52 98 94 99 108 35
Block after substitution:
85 98 36 57 83 51 90 99 49 9

ROUND 8

BLOCK = 85 98 36 57 83 51 90 99 49 9

(a) Variable Permutation.
Add all values in block (mod 128):
85 + 98 + 36 + 57 + 83 + 51 + 90 + 99 + 49 + 9 = 657 mod
128 = 17
Mask 1 value for round 8 (Mask 1,8) = 50
Permutation Table = Sum of the block XOR Mask 1,8:
17 XOR 50 = 35
Therefore, permutation table 35 shall be used for the
permutation.
Block before permutation:
85 98 36 57 83 51 90 99 49 9
Block after permutation:
98 49 90 83 99 36 57 51 85 9

(b) First Key Addition.
Mask 2 value for round 8 (Mask 2,8) = 43
First key = Value 8 in the block XOR Mask 2,8:
51 XOR 43 = 24
Therefore, Key 24 shall be used for the first key
addition.
Block before key addition:
98 49 90 83 99 36 57 51 85 9
Block after key addition:
64 86 38 82 89 88 18 51 79 87

(c) Second Key Addition.
Second key = Value 9 in the block XOR Mask 2,8:
79 XOR 43 = 100
Therefore, Key 100 shall be used for the second key
addition.
Block before key addition:
64 86 38 82 89 88 18 51 79 87
Block after key addition:
68 55 56 89 35 4 56 79 79 83

(d) Variable Enclave.
Enclave Table = value of Mask 3,8 (mod 32) = 71 mod 32 = 7
Therefore, enclave table 7 shall be used for the enclave.
Block before enclave:
68 55 56 89 35 4 56 79 79 83
Block after enclave:
7 63 70 6 113 40 96 62 19 61

(e) First Variable Substitution.
Mask 4 value for round 8 (Mask 4,8) = 101
First Substitution Table = Value 8 in block XOR Mask 4,8:
62 XOR 101 = 11
Therefore, substitution table 11 shall be used for the
first substitution.
Block before substitution:
7 63 70 6 113 40 96 62 19 61
Block after substitution:
87 48 91 121 80 94 52 62 110 70

(f) Second Variable Substitution.
Second substitution table = Value 9 in block XOR Mask 4,8:
110 XOR 101 = 11
Therefore, substitution table 11 shall be used for the
second substitution.
Block before substitution:
87 48 91 121 80 94 52 62 110 70
Block after substitution:
25 124 95 23 67 88 102 79 110 91

ROUND 9

BLOCK = 25 124 95 23 67 88 102 79 110 91

(a) Variable Permutation.
Add all values in block (mod 128):
25 + 124 + 95 + 23 + 67 + 88 + 102 + 79 + 110 + 91 = 804
mod 128 = 36
Mask 1 value for round 9 (Mask 1,9) = 11
Permutation Table = Sum of the block XOR Mask 1,9:
36 XOR 11 = 47
Therefore, permutation table 47 shall be used for the
permutation.
Block before permutation:
25 124 95 23 67 88 102 79 110 91
Block after permutation:
91 95 124 79 88 23 25 102 110 67

(b) First Key Addition.
Mask 2 value for round 9 (Mask 2,9) = 9
First key = Value 9 in the block XOR Mask 2,9:
110 XOR 9 = 103
Therefore, Key 103 shall be used for the first key
addition.
Block before key addition:
91 95 124 79 88 23 25 102 110 67
Block after key addition:
80 72 99 87 98 39 46 44 110 44

(c) Second Key Addition.
Second key = Value 10 in the block XOR Mask 2,9:
44 XOR 9 = 37
Therefore, Key 37 shall be used for the second key
addition.
Block before key addition:
80 72 99 87 98 39 46 44 110 44
Block after key addition:
71 120 20 6 114 89 109 32 69 44

(d) Variable Enclave.
Enclave Table = value of Mask 3,9 (mod 32) = 24 mod 32 =
24
Therefore, enclave table 24 shall be used for the
enclave.
Block before enclave:
71 120 20 6 114 89 109 32 69 44
Block after enclave:
41 71 57 98 55 2 41 99 106 92

(e) First Variable Substitution.
Mask 4 value for round 9 (Mask 4,9) = 32
First Substitution Table = Value 9 in block XOR Mask 4,9:
106 XOR 32 = 10
Therefore, substitution table 10 shall be used for the
first substitution.
Block before substitution:
41 71 57 98 55 2 41 99 106 92
Block after substitution:
104 42 89 39 72 31 104 10 106 67

(f) Second Variable Substitution.
Second Substitution Table = Value 10 in block XOR
Mask 4,9:
67 XOR 32 = 3
Therefore, substitution table 3 shall be used for the
second substitution.
Block before substitution:
104 42 89 39 72 31 104 10 106 67
Block after substitution:
24 49 88 105 94 71 24 124 125 67

ROUND 10

BLOCK = 24 49 88 105 94 71 24 124 125 67

(a) Variable Permutation.
Add all values in block (mod 128):
24 + 49 + 88 + 105 + 94 + 71 + 24 + 124 + 125 + 67 = 771
mod 128 = 3
Mask 1 value for round 10 (Mask 1,10) = 60
Permutation Table = Sum of the block XOR Mask 1,10:
3 XOR 60 = 63
Therefore, permutation table 63 shall be used for the
permutation.
Block before permutation:
24 49 88 105 94 71 24 124 125 67
Block after permutation:
67 124 105 88 125 24 24 94 49 71

(b) First Key Addition.
Mask 2 value for round 10 (Mask 2,10) = 99
First Key = Value 10 in the block XOR Mask 2,10:
71 XOR 99 = 36
Therefore, Key 36 shall be used for the first key
addition.
Block before key addition:
67 124 105 88 125 24 24 94 49 71
Block after key addition:
110 9 114 70 70 96 91 117 12 71

(c) Second Key Addition.
Second key = Value 10 in the block XOR Mask 2,10:
71 XOR 99 = 36
Therefore, Key 36 shall be used for the second key
addition.
Block before key addition:
110 9 114 70 70 96 91 117 12 71
Block after key addition:
67 124 105 88 125 24 24 94 49 71

(d) Variable Enclave.
Enclave Table = value of Mask 3,10 (mod 32) = 60 mod 32 =
28
Therefore, enclave table 28 shall be used for the
enclave.
Block before enclave:
67 124 105 88 125 24 24 94 49 71
Block after enclave:
36 31 0 91 41 84 71 38 87 122

(e) First Variable Substitution.
Mask 4 value for round 10 (Mask 4,10) = 125
First Substitution Table = Value 10 in block XOR
Mask 4,10:
122 XOR 125 = 7
Therefore, substitution table 7 shall be used for the
first substitution.
Block before substitution:
36 31 0 91 41 84 71 38 87 122
Block after substitution:
90 27 11 41 114 117 56 33 72 122

(f) Second Variable Substitution.
Second Substitution Table = Value 10 in block XOR
Mask 4,10:
122 XOR 125 = 7
Therefore, substitution table 7 shall be used for the
second substitution.
Block before substitution:
90 27 11 41 114 117 56 33 72 122
Block after substitution:
28 4 87 114 88 23 122 105 44 122

TRANSMITTED BLOCK:
28 4 87 114 88 23 122 105 44 122

After ten rounds of encryption in accordance with
the present invention, the plaintext block has been
converted into a ciphertext block as follows:

Plaintext:
110 111 32 116 101 115 116 115 32 112
Ciphertext:
28 4 87 114 88 23 122 105 144 122

Having described above the presently preferred
embodiments of this invention, it is to be understood
that it may be otherwise embodied within the scope of the
appended claims.

TABLE IIA - SUBSTITUTION TABLE - PART A





TABLE 


IIB - 


SUBS 



57 


91 


15 


39 


89 


63 


125 


127 


40 


71 


4 


102 


27 


45 


110 


99 


88 


31 


12 


58 


127 


14 


45 


100 


6 


43 


28 


11 


50 


36 


43 


86 


12 


33 


3 


34 


38 


90 


90 


56 


86 


87 


124 


113 


69 


32 


101 


5 


18 


64 


127 


103 


119 


38 


51 


Al 


48 


5 


69 


1 Q 


21 


55 


120 


RA 

OH 


16 


56 




1 A 
14 


. 22 


124 


126 


7ft 


33 


3 


61 




24 


70 


96 




66 


58 


75 


ftl 


125 


19 


102 


72 


0 


79 


25 


26 


104 


59 


49 


96 


82 


40 


109 


65 


110 


42 


30 


1 ft 


76 


104 


33 


A 


45 


10 


103 


Dh 


13 


75 


50 


7 1 


118 


125 


p J 


D7 


117 


2 


7A 
/ O 


3 5 


19 


95 




7 Q 


83 


1 


64 


oo 


17 


69 


70 


XX*t 


100 


22 


8 


1 OR 


96 


92 


105 


1 7 


95 


24 


62 


1 


60 


20 


20 


91 


30 


9 


34 


125 


53 


41 


42 


20 


93 


76 


59 


30 


55 


105 


106 


3 


108 


11 


39 


116 



112 
78 
72 
24 
42 
28 
41 
39 
53 
104 
37 
60 
57 
68 
35 
67 
0 
19 
71 
73 
95 
80 
106 
46 
64 
99 
85 
5 
38 
88 
26 
55 
23 
48 
51 
59 
94 
3 

127 
47 
2 

125 
76 



TABLE IIB - SUBSTITUTION TABLE - PART B
ORIGINAL TBL 8 TBL 9 TBL 10 TBL 11 TBL 12 TBL 13 TBL 14 TBL

(The entries of this table are not recoverable from the scanned source.)

WO 91/03113
PCT/US90/01391

TABLE III - ENCLAVE TABLE

            a    b    c    d

TABLE 0:   523  352  542  542
           431  135  431  251
           254  241  153  135
           145  514  325  324
           312  423  214  413

TABLE 1:   312  325  421  423
           431  514  345  531
           254  243  514  215
           523  431  132  354
           145  152  253  142

TABLE 2:   413  142  253  253
           125  453  325  435
           351  214  431  321
           234  325  142  514
           542  531  514  142

TABLE 3:   124  534  245  423
           451  452  421  254
           235  213  153  531
           342  341  534  312
           513  125  312  145

TABLE 4:   253  231  421  253
           412  425  142  145
           524  514  235  432
           135  143  354  321
           341  352  513  514

TABLE 5: through TABLE 12:

(The scan gives the entries of these eight tables as 32 separate five-row columns; which column belongs to which table is not recoverable. Each line below is one column, read top to bottom, in the order it appears in the source.)

143 512 234 325 451
154 312 543 425 231
251 512 345 423 134
254 123 341 435 512
132 513 254 425 341
143 251 315 524 432
512 453 124 345 231
412 543 231 125 354
241 453 125 534 312
152 213 435 341 524
215 152 543 431 324
124 531 245 352 413
412 135 321 543 254
543 235 154 312 421
142 231 514 453 325
253 425 514 341 132
234 312 153 541 425
352 421 134 245 513
542 213 325 431 154
425 234 153 512 341
451 123 532 345 214
523 145 312 254 431
245 354 123 512 431
532 214 451 143 325
531 352 143 425 214
514 342 431 125 253
354 432 521 215 143
231 524 152 345 413
432 315 541 253 124
251 342 514 123 435
314 243 521 435 152
514 452 321 143 235

I Claim:



1. A method of cryptographically transforming 
electronic digital data from one form to another 
comprising the steps of: 

a. establishing in memory at least one 
transformation table associated with a predetermined 
cryptographic function, said table including a plurality 
of addressable entries which each direct a predetermined 
transformation of data in accordance with said function; 

b. selecting one of said entries in said 
transformation table based upon certain information in 
said data undergoing transformation; and 

c. cryptographically transforming said 
data by said function in accordance with the directions of 
said selected entry in said transformation table. 



2. A method of generating a table of keys for
use in cryptographically transforming electronic digital 
data from one form to another comprising the steps of: 
a. establishing an initial key; 
b. establishing in memory at least one
transformation table associated with a predetermined
cryptographic function, said table including a plurality 
of addressable entries which each direct a predetermined 
transformation of data in accordance with said function; 
c. selecting at least one of said entries
in said transformation table based upon certain
information in said initial key; 

d. transforming said initial key by said 
function in accordance with the directions of said 
selected entry in said transformation table; 

e. storing said transformed initial key 
as an entry in the key table memory; 



f. selecting at least one of said entries
in said transformation table based upon certain
information in the initial key or in a key stored in the
key table memory; 

g. transforming the key used in step (f)
above by said function in accordance with the directions 
of said selected entry in said transformation table; 

h. storing said transformed key as 
another entry in the key table memory; and 

i. performing steps (f) - (h) above 
repetitively until said key table memory has a desired 
plurality of keys stored therein. 

3. The method of claim 2 wherein said initial 
key is not stored as an entry in the key table memory. 

4. The method of claim 2 wherein said 
transformation table entry selected in step (f) above is 
based upon certain information in the latest key stored in 
the key table memory. 

5. A method of generating a table of keys for 
use in cryptographically transforming electronic digital 
data from one form to another comprising the steps of: 

a. establishing an initial key having a 
plurality of bytes;

b. establishing in memory a plurality of 
transformation tables, each associated with a 
predetermined cryptographic function, each of said tables 
including a plurality of addressable entries which direct
a predetermined transformation of data in accordance with
said function; 

c. selecting, in turn, at least one of 
said entries in each of said transformation tables based 
upon certain information in said initial key; 




d. transforming said initial key by said
functions in accordance with the directions of said
selected entries in said transformation tables; 

e. storing said transformed initial key 
as an entry in the key table memory; 

f. selecting, in turn, at least one of
said entries in each of said transformation tables based
upon certain information in at least one of the keys 
stored in the key table memory; 

g. transforming the key used in step (f) 
above by said functions in accordance with the directions
of said selected entries in said transformation tables;

h. storing said transformed key as 
another entry in the key table memory; and 

i. performing steps (f) - (h) above
repetitively until said key table memory has a desired 
plurality of keys stored therein. 

6. The method of claim 5 wherein said initial 
key is not stored as an entry in the key table memory. 

7. The method of claim 5 wherein the entries 
in the transformation tables selected in step (f) above 
are based upon certain information in the latest key 
stored in the key table memory. 

8. The method of claim 5 wherein said 
transformation tables include a substitution table with a 
plurality of entries for directing a particular 
substitution on said key undergoing transformation.

9. The method of claim 5 wherein said
transformation tables include a permutation table with a 
plurality of entries for directing a particular 
permutation on said key undergoing transformation. 
10. The method of claim 5 wherein said
transformation tables include an enclave table with a
plurality of entries for directing a particular
transformation on said key undergoing transformation in
which each byte in said key becomes a function of itself
and of every other byte in the key. 

11. The method of claim 5 wherein said 
transformation tables include a substitution table with a 
plurality of entries for directing a particular 
substitution on said key undergoing transformation and a
permutation table with a plurality of entries for
directing a particular permutation on said key undergoing
transformation.

12. The method of claim 5 wherein said
transformation tables include a substitution table with a
plurality of entries for directing a particular
substitution on said key undergoing transformation, a
permutation table with a plurality of entries for
directing a particular permutation on said key undergoing
transformation, and an enclave table with a plurality of
entries for directing a particular transformation on said
key undergoing transformation in which each byte in said
key becomes a function of itself and of every other byte
in the key.

13. The method of claim 12 wherein the 
substitution table entry, the permutation table entry and 
the enclave table entry selected is determined by an 
arithmetic combination of the values of a portion of the
bytes in the key undergoing transformation.

14. The method of claim 12 wherein said key
undergoing transformation is first substituted in
accordance with the selected entry in the substitution
table, is then permutated in accordance with the selected
entry in the permutation table, and is then transformed in
accordance with the selected entry in the enclave table. 

15. The method of claim 14 wherein the 
substitution and permutation table entries selected are 
determined by an arithmetic combination of the values of a 
portion of the bytes in the key undergoing transformation,
and the enclave table entry selected is determined by an
arithmetic combination of the values of a portion of the 
bytes in the key after it has been substituted and 
permutated. 

16. The method of claim 15 wherein the 
substitution table entry selected is determined by an 
arithmetic combination of the values of one-half of the 
bytes in the key undergoing transformation and the
permutation table entry selected is determined by an
arithmetic combination of the values of the other half of 
the bytes in the key undergoing transformation. 

17. A method of cryptographically transforming
electronic data from one form to another comprising the
steps of:

a. establishing in memory a key table
with a plurality of multi-byte key entries;

b. selecting a multi-byte block of data
for transformation;

c. selecting an entry from the key table
based on information in at least one of the bytes of the
data block;

d. arithmetically combining each byte in
the selected key with a corresponding byte in the data
block, except that the bytes in the data block used to
select the entry from the key table remain unchanged; and

e. repeating steps (c) and (d) above for
a plurality of rounds and using a different byte of the
data block in each round for selecting the entry from the 
key table. 

18. A method of cryptographically transforming 
electronic data from one form to another comprising the 
steps of: 

a. establishing in memory a key table 
with a plurality of multi-byte key entries;

b. selecting a multi-byte block of data 
for transformation; 

c. selecting an entry from the key table 
based on information in at least one of the bytes of the
data block;

d. arithmetically combining each byte in 
the selected key with a corresponding byte in the data 
block, except that the bytes in the data block used to 
select the entry from the key table remain unchanged; and 

e. repeating steps (c) and (d) above for
a plurality of rounds.



19. A method of cryptographically transforming 
electronic data from one form to another comprising the 
steps of: 

a. establishing in memory a key table
with a plurality of multi-byte key entries;

b. selecting a multi-byte block of data 
for transformation; 

c. selecting an entry from the key table 
based on information in at least one of the bytes of a key
based determinant;

d. arithmetically combining each byte in
the selected key with a corresponding byte in the data
block; and

e. repeating steps (c) and (d) above for
a plurality of rounds.

20. The method of claims 17, 18 or 19 wherein 
the bits in the selected key are arithmetically combined
with the corresponding bits in the data block undergoing 
transformation by an Exclusive OR operation. 

21. The method of claims 17, 18 or 19 wherein 
the values of the bytes in the selected key are added to 
the values of the corresponding bytes in the data block 
undergoing transformation. 

22. The method of claims 17, 18 or 19 further 
including the steps of generating from the key table a 
determinant table having a plurality of entries which are 
each the result of an arithmetic combination of two or
more values in the key table, and then combining an entry
from said determinant table with said one of the values in 
the data block undergoing transformation to select an 
entry from the key table. 

23. The method of claim 22 wherein a different 
entry from said determinant table is used during each 
round. 

24. The method of claim 22 wherein the entry 
from the determinant table and said one of the bytes in 
the data block are combined by an Exclusive OR operation. 

25. The method of claim 22 wherein the value of 
the entry from the determinant table is added to the value 
of said one of the bytes in the data block. 
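
The variable key addition of claims 17, 20 and 22 to 24, as an added Python sketch that is not code from the patent. The key table contents, its size of 128 entries and the rule used to build the determinants are constructed assumptions, so the output does not reproduce the ciphertext of the worked example; the sketch shows why the selecting byte has to remain unchanged for the transformation to be reversible.

```python
import random

BLOCK = 10      # bytes per block, matching the ten-value example block on the page
NKEYS = 128     # assumed key-table size; byte values on the page lie in 0..127
ROUNDS = 10     # the page's example runs ten rounds

# Plaintext block from the page's worked example.
PLAINTEXT = [110, 111, 32, 116, 101, 115, 116, 115, 32, 112]


def make_key_table(seed=1):
    """Constructed stand-in key table: NKEYS keys of BLOCK 7-bit values.
    (The claims derive the real table from an initial key; not modelled here.)"""
    rng = random.Random(seed)
    return [[rng.randrange(128) for _ in range(BLOCK)] for _ in range(NKEYS)]


def make_determinants(key_table):
    """Claim 22: every determinant entry combines two or more key-table values.
    Assumption: entry j is the XOR of byte j across the first 32 keys."""
    dets = []
    for j in range(BLOCK):
        acc = 0
        for key in key_table[:32]:
            acc ^= key[j]
        dets.append(acc)
    return dets


def key_add_round(block, key_table, dets, rnd, keep_selector=True):
    """One round of data-dependent key addition by XOR (claims 17, 20, 23, 24).
    keep_selector=False models the mistake of also altering the selector byte."""
    sel = rnd % BLOCK                                   # a different selector byte each round
    idx = (block[sel] ^ dets[rnd % len(dets)]) % NKEYS  # data byte combined with determinant
    key = key_table[idx]
    return [b if (i == sel and keep_selector) else b ^ key[i]
            for i, b in enumerate(block)]


def encrypt(block, key_table, dets, keep_selector=True):
    for rnd in range(ROUNDS):
        block = key_add_round(block, key_table, dets, rnd, keep_selector)
    return block


def decrypt(block, key_table, dets, keep_selector=True):
    # XOR is its own inverse, so the same round function run in reverse order
    # undoes encryption, provided the selector byte still identifies the key.
    for rnd in reversed(range(ROUNDS)):
        block = key_add_round(block, key_table, dets, rnd, keep_selector)
    return block


def roundtrip_failures(n_blocks, keep_selector, seed=7):
    """Count random blocks that do not decrypt back to themselves."""
    kt = make_key_table()
    dets = make_determinants(kt)
    rng = random.Random(seed)
    failures = 0
    for _ in range(n_blocks):
        pt = [rng.randrange(128) for _ in range(BLOCK)]
        ct = encrypt(pt, kt, dets, keep_selector)
        if decrypt(ct, kt, dets, keep_selector) != pt:
            failures += 1
    return failures


if __name__ == "__main__":
    kt = make_key_table()
    dets = make_determinants(kt)
    ct = encrypt(PLAINTEXT, kt, dets)
    print("ciphertext:", ct)
    print("recovered :", decrypt(ct, kt, dets))
    print("failures with selector preserved:", roundtrip_failures(200, True))
    print("failures with selector altered  :", roundtrip_failures(200, False))
```

With the selector byte left unchanged, the receiver recomputes the same key-table index from the ciphertext in every round; once that byte is also combined with the key, the index can no longer be recovered and decryption diverges.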

26. The method of claims 17, 18 or 19 wherein 
said key table is established by the steps of:

f. establishing an initial key;

g. establishing in memory at least one
transformation table associated with a predetermined
cryptographic function, said table including a plurality
of addressable entries which each direct a predetermined
transformation of data in accordance with said function;

h. selecting at least one of said entries
in said transformation table based upon certain
information in said initial key;

i. transforming said initial key by said
function in accordance with the directions of said
selected entry in said transformation table;

j. storing said transformed initial key
as an entry in the key table memory;

k. selecting at least one of said entries
in said transformation table based upon certain
information in the initial key or in a key stored in the
key table memory;

l. transforming the key used in step (k)
above by said function in accordance with the directions
of said selected entry in said transformation table;

m. storing said transformed key as
another entry in the key table memory; and

n. performing steps (k) - (m) above
repetitively until said key table memory has a desired
plurality of keys stored therein.

27. The method of claim 26 wherein said initial 
key is not stored as an entry in the key table memory. 

28. The method of claim 26 wherein said 
transformation table entry selected in step (k) above is 
based upon certain information in the latest key stored in 
the key table memory. 
29. The method of claims 17, 18 or 19 wherein
said key table is generated by the steps of:

f. establishing an initial key having a
plurality of bytes;

g. establishing in memory a plurality of
transformation tables, each associated with a
predetermined cryptographic function, each of said tables
including a plurality of addressable entries which direct
a predetermined transformation of data in accordance with
said function;

h. selecting, in turn, at least one of
said entries in each of said transformation tables based
upon certain information in said initial key;

i. transforming said initial key by said
functions in accordance with the directions of said
selected entries in said transformation tables;

j. storing said transformed initial key
as an entry in the key table memory;

k. selecting, in turn, at least one of
said entries in each of said transformation tables based
upon certain information in at least one of the keys
stored in the key table memory;

l. transforming the key used in step (k)
above by said functions in accordance with the directions
of said selected entries in said transformation tables;

m. storing said transformed key as
another entry in the key table memory; and

n. performing steps (k) - (m) above
repetitively until said key table memory has a desired
plurality of keys stored therein.



30. The method of claim 29 wherein said initial 
key is not stored as an entry in the key table memory. 
31. The method of claim 29 wherein the entries
in the transformation tables selected in step (k) above 
are based upon certain information in the latest key 
stored in the key table memory. 

32. The method of claim 29 wherein said 
transformation tables include a substitution table with a 
plurality of entries for directing a particular 
substitution on said key undergoing transformation and a
permutation table with a plurality of entries for
directing a particular permutation on said key undergoing
transformation.

33. The method of claim 29 wherein said 
transformation tables include a substitution table with a 
plurality of entries for directing a particular 
substitution on said key undergoing transformation, a 
permutation table with a plurality of entries for 
directing a particular permutation on said key undergoing 
transformation, and an enclave table with a plurality of
entries for directing a particular transformation on said 
key undergoing transformation in which each byte in said 
key becomes a function of itself and of every other byte 
in the key. 

34. A method of cryptographically transforming
electronic data from one form to another comprising the
steps of:

a. establishing in memory at least one
transformation table associated with a predetermined
cryptographic function, said table including a plurality
of addressable entries which direct a predetermined
transformation of data in accordance with said function;

b. selecting at least one of the entries
in said transformation table based upon certain
information in the data undergoing transformation;

c. cryptographically transforming the
data by said function in accordance with the directions of
the entry in the transformation table selected in step
(b);

d. arithmetically combining the data
transformed in step (c) above with a key;

e. selecting at least one other entry in
said transformation table based upon certain information
in the data transformed in step (d) above; and

f. cryptographically transforming the
data transformed in step (d) above by said function in
accordance with the directions of the entry in the
transformation table selected in step (e).

35. The method of claim 34 wherein steps (b) 
through (f) are carried out repetitively in a 
predetermined number of rounds. 






36. A method of cryptographically transforming
electronic data from one form to another, comprising the
steps of:

a. establishing in memory a first
transformation table associated with a first cryptographic
function and a second transformation table associated with
a second cryptographic function, said tables each
including a plurality of addressable entries which direct
a predetermined transformation of data in accordance with
said functions;

b. selecting at least one of the entries
in said first transformation table based upon certain
information in said data undergoing transformation;

c. cryptographically transforming said
data by said first function in accordance with the
directions of the entry in the first transformation table
selected in step (b);

d. arithmetically combining the data
transformed in step (c) above with a key;

e. selecting at least one of the entries
in the second transformation table based upon certain
information in the data transformed in step (d) above; and

f. cryptographically transforming the
data transformed in step (d) above by the second function
in accordance with the directions of the entry in the
second transformation table selected in step (e).

37. The method of claim 36 wherein steps (b) 
through (f) are carried out repetitively in a 
predetermined number of rounds. 



38. A method of cryptographically transforming 
electronic data from one form to another comprising the 
steps of: 

a. establishing in memory a permutation
table with a plurality of addressable entries for
directing a particular permutation of said data undergoing
transformation;

b. establishing in memory a substitution
table with a plurality of addressable entries for
directing a particular substitution on said data
undergoing transformation;

c. selecting at least one of the entries
in one of said permutation and substitution tables based
upon certain information in said data undergoing
transformation;

d. cryptographically transforming said
data in accordance with the table entry selected in step
(c) above and the function associated therewith;

e. arithmetically combining the data
transformed in step (d) with a key;

f. selecting at least one of the entries
in the other of said permutation and substitution tables;
and

g. cryptographically transforming the
data transformed in step (e) in accordance with the table
entry selected in step (f) and the function associated
therewith. 



39. The method of claim 38 wherein steps (b) 
through (g) are carried out repetitively in a 
predetermined number of rounds. 

40. The method of claims 38 or 39 wherein the 
permutation table entry selected is determined by an 
arithmetic combination of the values of the bytes in the 
data undergoing transformation. 

41. The method of claim 38 wherein the 
substitution table entry selected is determined by the 
value of one of the bytes in the data undergoing 
transformation and the substitution function is carried 
out on all bytes in the data except for the byte used to 
select the entry from the substitution table, which byte 
remains unchanged. 

42. The method of claim 39 wherein the 
substitution table entry selected is determined by the 
value of one of the bytes in the data undergoing 
transformation, the substitution function is carried out 
on all bytes in the data except for the byte used to 
select the entry from the substitution table, which byte 
remains unchanged, and a different byte in the data 
undergoing transformation is used in each round to select 
the substitution table entry. 

43. The method of claim 39 wherein the step of
combining the transformed data with a key includes the
steps of:

h. establishing in memory a key table
with a plurality of multi-byte key entries;

i. selecting an entry from the key table
based on information in at least one of the bytes in the
data undergoing transformation; and

j. arithmetically combining each byte in
the selected key with a corresponding byte in the data
undergoing transformation, except that the data bytes used
to select the key from the table entry remain unchanged,
with a different byte in the data undergoing
transformation used in each round to select the entry from
the key table.

44. The method of claim 39 wherein the step of 
combining the transformed data with a key includes the 
steps of: 

h. establishing in memory a key table
with a plurality of multi-byte key entries;

i. selecting an entry from the key table
based on information in at least one of the bytes in the
data undergoing transformation; and

j. arithmetically combining each byte in
the selected key with a corresponding byte in the data
undergoing transformation, except that the data bytes used
to select the key from the table entry remain unchanged.

45. The method of claim 39 wherein the step of 
combining the transformed data with a key includes the 
steps of: 

h. establishing in memory a key table
with a plurality of multi-byte key entries;

i. selecting an entry from the key table
based on information in at least one of the bytes in the
data undergoing transformation; and

j. arithmetically combining each byte in
the selected key with a corresponding byte in the data
undergoing transformation.

46. The method of claims 43, 44 or 45 wherein 
bits in the selected key are arithmetically combined with 
the corresponding bits in the data undergoing 
transformation by an Exclusive OR operation. 
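
The variable key addition of claims 43, 44 and 46, sketched in Python as an added example (not code from the patent). The table contents, the 10-byte block length, the 16-entry table size and the modulo selection rule are assumptions made for illustration. Leaving the selector byte unchanged is what lets the inverse recompute the same key index, so each key addition undoes itself.

```python
# Added illustration; table contents and sizes are constructed, not from the patent.
BLOCK = 10     # assumed block length in bytes
ENTRIES = 16   # assumed number of key table entries

# Constructed key table: ENTRIES multi-byte keys of BLOCK bytes each.
KEY_TABLE = [bytes((17 * i + 29 * j + 5) % 256 for j in range(BLOCK))
             for i in range(ENTRIES)]


def key_add(block, selector_pos):
    """XOR the block with the key chosen by block[selector_pos].

    The selector byte itself is left unchanged, so applying the same
    call to the output selects the same key and restores the input.
    """
    # Selection rule (value modulo table size) is an assumption.
    key = KEY_TABLE[block[selector_pos] % ENTRIES]
    return bytes(b if i == selector_pos else b ^ key[i]
                 for i, b in enumerate(block))


def encrypt_rounds(block, rounds=BLOCK):
    """One key addition per round, with a different selector byte each round."""
    for r in range(rounds):
        block = key_add(block, r % BLOCK)
    return block


def decrypt_rounds(block, rounds=BLOCK):
    """Undo the rounds in reverse order; each key addition is its own inverse."""
    for r in reversed(range(rounds)):
        block = key_add(block, r % BLOCK)
    return block
```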

47. The method of claims 43, 44 or 45 further 
including the steps of generating from the key table a 
determinant table having a plurality of entries which are 
each the result of an arithmetic combination of two or
more values in the key table, and then combining an entry
from said determinant table with said one of the values in 
the data undergoing transformation to select an entry from 
the key table. 

48. The method of claim 47 wherein a different 
entry from said determinant table is used during each 
round. 

49. The method of claim 47 wherein the entry 
from the determinant table and said one of the bytes in 
the data undergoing transformation are combined by an 
Exclusive OR operation. 

50. The method of claims 43, 44 or 45 wherein 
said key table is established by the steps of: 

k. establishing an initial key having a 
plurality of bytes; 

l. selecting, in turn, at least one of
said entries in each of said permutation and substitution
tables based upon certain information in said initial key;

m. transforming said initial key by said
substitution and permutation functions in accordance with
the directions of said selected entries in said tables;

n. storing said transformed initial key
as an entry in the key table memory;

o. selecting, in turn, at least one of
said entries in each of said substitution and permutation
tables based upon certain information in at least one of
the keys stored in the key table memory;

p. transforming the key used in step (o)
above by said substitution and permutation functions in
accordance with the directions of said selected entries in
said tables;

q. storing said transformed key as
another entry in the key table memory; and

r. performing steps (o) - (q) above
repetitively until said key table memory has a desired
plurality of keys stored therein.

51. The method of claim 50 wherein said initial 
key is not stored as an entry in the key table memory. 

52. The method of claim 50 wherein the entries 
in the substitution and permutation tables selected in 
step (o) above are based upon certain information in the 
latest key stored in the key table memory. 

53. The method of claims 38 or 41 further 
including the steps of establishing an enclave table with 
a plurality of entries for directing an enclave 
transformation in which each byte in the data undergoing
transformation becomes a function of itself and of every
other byte in the data, selecting at least one of said
entries in said enclave table, and transforming the data
in accordance with the directions of the selected entry in 
the enclave table. 

54. The method of claim 53 further including
the steps of generating from said key a determinant table 
having a plurality of entries which are the result of an 
arithmetic combination of two or more values in the key 
and then using one entry in said determinant table to 
select the entry from the enclave table used in the 
enclave function transformation of the data. 



55. The method of claims 43, 44 or 45 further 
including the steps of establishing an enclave table with
a plurality of entries for directing an enclave
transformation in which each byte in the data undergoing
transformation becomes a function of itself and of every
other byte in the data, selecting at least one of said
entries in said enclave table, and transforming the data
in accordance with the directions of the selected entry in 
the enclave table. 

56. The method of claim 55 further including 
the steps of generating from said key table a determinant 
table having a plurality of entries which are the result
of an arithmetic combination of two or more values in the 
key table, and then using one entry in said determinant 
table to select the entry from the enclave table used in 
the enclave function transformation of the data. 

57. The method of claim 56 wherein a different 
entry from said determinant table is used during each 
round.

58. The method of claim 42 further including
the steps of selecting a second entry in the substitution
table based upon certain information in the data
undergoing transformation after it has been subjected to
said substitution function, and then cryptographically
transforming said data by a second substitution function
in accordance with the second entry selected.

59. The method of claim 58 wherein the 
substitution table entry selected for the second 
substitution is determined by the value of one of the 
bytes in the data undergoing transformation, excluding the
byte used in claim 41 for determining the substitution
table entry for the initial substitution function. 

60. The method of claims 43, 44 or 45 further 
including the steps of selecting a second key from the key 
table memory based on the value of one of the bytes in the 
data undergoing transformation, excluding the byte used in
claims 43, 44 or 45 and arithmetically combining each byte
in the selected second key with a corresponding byte in
the data undergoing transformation, except that the byte
used to select the second key remains unchanged, with a
different byte in the data undergoing transformation used
in each round to select the second key.

61. An enclave function for cryptographically 
transforming electronic digital data from one form to 
another comprising the steps of: 

a. establishing in memory an enclave
table with a plurality of entries for directing an
autoclave function on a portion of the data undergoing
transformation;

b. selecting a block of data having an
even number of bytes;

c. dividing said data block into a first
half-block including one-half of the bytes of the data
block and into a second half-block including the remaining
bytes of the data block;

d. transforming the first half-block by
said autoclave function as directed by a first entry in
said enclave table;

e. transforming the resultant first
half-block after step (d) above by said autoclave function
as directed by a second entry in said enclave table;

f. combining the second half-block with
the resultant first half-block after step (e) above by an
Exclusive OR operation to generate resultant second half-
block;

g. transforming the resultant second
half-block after step (f) above by said autoclave function
as directed by a third entry in said enclave table;

h. transforming the resultant second
half-block after step (g) above by said autoclave function
as directed by a fourth entry in said enclave table;

i. combining the resultant second half-
block after step (h) above with the resultant first half-
block after step (e) above by an Exclusive OR operation to
generate a resultant first half-block; and

j. joining said resultant first half-
block after step (i) above to said resultant second half-
block after step (h) above to form the transformed data
block.



62. The method of claim 61 wherein the 
autoclave function used includes the steps of modifying a 
byte in the half-block undergoing transformation by adding 
said byte to at least two other bytes in the half-block, 
and sequentially repeating this addition process on each
of the other bytes in the half-block, using different
bytes in each repetition to be added to the byte
undergoing transformation.
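
The enclave structure of claim 61 with an autoclave function in the style of claim 62, as an added Python example (not code from the patent). The four table entries, the 5-byte half-block and addition modulo 256 are assumptions; the inverse is included to show that the steps can be undone in reverse order.

```python
# Added illustration; the enclave table entries are constructed, not from the patent.
HALF = 5  # assumed half-block length (10-byte block)


def make_entry(shift_a, shift_b):
    """One entry: for each target byte t, the two other positions added to it."""
    return [(t, (t + shift_a) % HALF, (t + shift_b) % HALF) for t in range(HALF)]


# Four constructed entries, used as the first..fourth entries of claim 61.
ENCLAVE_ENTRIES = [make_entry(1, 2), make_entry(2, 4),
                   make_entry(3, 1), make_entry(4, 3)]


def autoclave(half, entry):
    x = list(half)
    for t, a, b in entry:              # sequential: later steps see earlier results
        x[t] = (x[t] + x[a] + x[b]) % 256
    return x


def autoclave_inv(half, entry):
    x = list(half)
    for t, a, b in reversed(entry):    # subtract in the opposite order
        x[t] = (x[t] - x[a] - x[b]) % 256
    return x


def xor(u, v):
    return [p ^ q for p, q in zip(u, v)]


def enclave(block, e=ENCLAVE_ENTRIES):
    left, right = list(block[:HALF]), list(block[HALF:])      # step (c)
    left = autoclave(autoclave(left, e[0]), e[1])             # steps (d), (e)
    right = xor(right, left)                                  # step (f)
    right = autoclave(autoclave(right, e[2]), e[3])           # steps (g), (h)
    left = xor(right, left)                                   # step (i)
    return bytes(left + right)                                # step (j)


def enclave_inv(block, e=ENCLAVE_ENTRIES):
    left, right = list(block[:HALF]), list(block[HALF:])
    left = xor(right, left)                                   # undo (i)
    right = autoclave_inv(autoclave_inv(right, e[3]), e[2])   # undo (h), (g)
    right = xor(right, left)                                  # undo (f)
    left = autoclave_inv(autoclave_inv(left, e[1]), e[0])     # undo (e), (d)
    return bytes(left + right)
```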